Vulnerabilities > Redhat > Enterprise Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9788 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5.
network
low complexity
mozilla redhat CWE-787
critical
 9.8
9.8
2019-04-26 CVE-2019-9791 Type Confusion vulnerability in multiple products
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR).
network
low complexity
mozilla redhat CWE-843
critical
 9.8
9.8
2019-04-26 CVE-2019-9792 Out-of-bounds Write vulnerability in multiple products
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout.
network
low complexity
mozilla redhat CWE-787
critical
 9.8
9.8
2019-04-22 CVE-2019-11234 Improper Authentication vulnerability in multiple products
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
network
low complexity
freeradius fedoraproject redhat canonical CWE-287
critical
 9.8
9.8
2019-04-22 CVE-2019-11235 Insufficient Verification of Data Authenticity vulnerability in multiple products
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
network
low complexity
freeradius fedoraproject redhat canonical opensuse CWE-345
critical
 9.8
9.8
2019-03-27 CVE-2019-0160 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
network
low complexity
tianocore opensuse fedoraproject redhat CWE-787
critical
 9.8
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
 9.8
9.8
2019-02-22 CVE-2018-20784 Infinite Loop vulnerability in multiple products
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
network
low complexity
linux canonical redhat CWE-835
critical
 9.8
9.8
2019-02-20 CVE-2019-7164 SQL Injection vulnerability in multiple products
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
network
low complexity
sqlalchemy debian opensuse redhat oracle CWE-89
critical
 9.8
9.8
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
 9.8
9.8