Vulnerabilities > Redhat > Enterprise Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-21 | CVE-2018-25011 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | 9.8 |
| 2021-05-21 | CVE-2018-25010 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | 9.1 |
| 2021-05-21 | CVE-2018-25009 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | 9.1 |
| 2021-03-25 | CVE-2021-3466 | A flaw was found in libmicrohttpd. | 9.8 |
| 2021-03-19 | CVE-2019-10196 | A flaw was found in http-proxy-agent, prior to version 2.1.0. | 9.8 |
| 2021-03-12 | CVE-2021-20231 | A flaw was found in gnutls. | 9.8 |
| 2021-03-12 | CVE-2021-20232 | A flaw was found in gnutls. | 9.8 |
| 2020-12-21 | CVE-2020-27846 | A signature verification vulnerability exists in crewjam/saml. | 9.8 |
| 2020-02-20 | CVE-2014-4650 | Path Traversal vulnerability in multiple products The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | 9.8 |
| 2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 9.8 |