Vulnerabilities > Redhat > Enterprise Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
9.8
2020-02-07 CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
network
low complexity
nodejs oracle debian redhat opensuse
critical
9.8
2020-01-07 CVE-2019-14906 A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability.
network
low complexity
libsdl redhat
critical
9.8
2019-12-06 CVE-2019-19333 Out-of-bounds Write vulnerability in multiple products
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits".
network
low complexity
cesnet redhat CWE-787
critical
9.8
2019-12-06 CVE-2019-19334 Out-of-bounds Write vulnerability in multiple products
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref".
network
low complexity
cesnet redhat fedoraproject CWE-787
critical
9.8
2019-11-27 CVE-2011-2717 Injection vulnerability in multiple products
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
network
low complexity
linux redhat CWE-74
critical
9.8
2019-11-27 CVE-2019-14896 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian
critical
9.8
2019-11-22 CVE-2014-3585 Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
network
low complexity
redhat CWE-347
critical
9.8
2019-11-17 CVE-2019-19012 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker.
network
low complexity
oniguruma-project debian fedoraproject redhat CWE-190
critical
9.8
2019-11-12 CVE-2011-2897 Improper Input Validation vulnerability in multiple products
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
network
low complexity
gnome redhat debian CWE-20
critical
9.8