Vulnerabilities > Redhat > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-05 | CVE-2019-14910 | Improper Certificate Validation vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | 9.8 |
| 2019-12-03 | CVE-2013-4486 | Injection vulnerability in Redhat Zanata Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 |
| 2019-11-27 | CVE-2011-2717 | Injection vulnerability in multiple products The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | 9.8 |
| 2019-11-27 | CVE-2019-14896 | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | 9.8 |
| 2019-11-26 | CVE-2019-14842 | Incorrect Conversion between Numeric Types vulnerability in Redhat Libnbd Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. | 9.8 |
| 2019-11-22 | CVE-2014-3585 | Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | 9.8 |
| 2019-11-21 | CVE-2014-3700 | Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 9.8 |
| 2019-11-21 | CVE-2012-3460 | Improper Input Validation vulnerability in Redhat Enterprise MRG 2.0 cumin: At installation postgresql database user created without password | 9.8 |
| 2019-11-17 | CVE-2019-19012 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | 9.8 |
| 2019-11-12 | CVE-2011-2897 | Improper Input Validation vulnerability in multiple products gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | 9.8 |