Vulnerabilities > Redhat > Enterprise Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-21 CVE-2018-25010 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
network
low complexity
webmproject redhat CWE-125
critical
9.1
2021-05-21 CVE-2018-25009 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
network
low complexity
webmproject redhat CWE-125
critical
9.1
2021-03-25 CVE-2021-3466 A flaw was found in libmicrohttpd.
network
low complexity
gnu redhat fedoraproject
critical
9.8
2021-03-19 CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat
critical
9.8
2021-03-12 CVE-2021-20231 A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp
critical
9.8
2021-03-12 CVE-2021-20232 A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject
critical
9.8
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2020-02-20 CVE-2014-4650 Path Traversal vulnerability in multiple products
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
network
low complexity
python redhat CWE-22
critical
9.8
2020-02-17 CVE-2014-8089 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
network
low complexity
zend redhat fedoraproject CWE-89
critical
9.8
2020-02-08 CVE-2015-5741 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
network
low complexity
golang redhat CWE-444
critical
9.8