Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-14649 Command Injection vulnerability in Redhat products
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode.
network
low complexity
redhat CWE-77
critical
 9.8
9.8
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
 9.8
9.8
2018-08-28 CVE-2017-15398 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google redhat debian CWE-119
critical
 9.8
9.8
2018-08-26 CVE-2011-2767 Code Injection vulnerability in multiple products
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
network
low complexity
apache debian redhat canonical CWE-94
critical
 9.8
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
 9.9
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.9
9.9
2018-07-09 CVE-2018-5002 Out-of-bounds Write vulnerability in multiple products
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability.
network
low complexity
adobe apple linux microsoft google redhat CWE-787
critical
 10.0
10
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
 9.8
9.8
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.1
9.1