Vulnerabilities > Redhat > Enterprise Linux > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-21 | CVE-2018-25010 | Out-of-bounds Read vulnerability in multiple products: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | 9.1 |
2021-05-21 | CVE-2018-25009 | Out-of-bounds Read vulnerability in multiple products: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | 9.1 |
2021-03-25 | CVE-2021-3466 | A flaw was found in libmicrohttpd. | 9.8 |
2021-03-19 | CVE-2019-10196 | A flaw was found in http-proxy-agent, prior to version 2.1.0. | 9.8 |
2021-03-12 | CVE-2021-20231 | A flaw was found in gnutls. | 9.8 |
2021-03-12 | CVE-2021-20232 | A flaw was found in gnutls. | 9.8 |
2020-12-21 | CVE-2020-27846 | A signature verification vulnerability exists in crewjam/saml. | 9.8 |
2020-02-20 | CVE-2014-4650 | Path Traversal vulnerability in multiple products: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | 9.8 |
2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 9.8 |
2020-02-08 | CVE-2015-5741 | HTTP Request Smuggling vulnerability in multiple products: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. | 9.8 |