Vulnerabilities > Redhat > Enterprise Linux Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-08-26 CVE-2011-2767 Code Injection vulnerability in multiple products
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
network
low complexity
apache debian redhat canonical CWE-94
critical
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
9.8
2018-08-01 CVE-2015-9262 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
network
low complexity
debian canonical x redhat CWE-119
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-15101 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4.
network
low complexity
liblouis redhat CWE-119
critical
9.8
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-27 CVE-2017-2640 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content.
network
low complexity
pidgin redhat debian CWE-787
critical
9.8
2018-07-17 CVE-2018-14354 OS Command Injection vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt canonical debian redhat CWE-78
critical
9.8
2018-07-17 CVE-2018-14357 OS Command Injection vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt canonical debian redhat CWE-78
critical
9.8
2018-07-17 CVE-2018-14362 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt canonical debian redhat CWE-119
critical
9.8