Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-1010238 Out-of-bounds Write vulnerability in multiple products
Gnome Pango 1.42 and later is affected by: Buffer Overflow.
network
low complexity
gnome oracle fedoraproject debian canonical redhat CWE-787
critical
 9.8
9.8
2019-07-09 CVE-2018-11307 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5.
network
low complexity
fasterxml redhat oracle CWE-502
critical
 9.8
9.8
2019-07-02 CVE-2019-10137 Path Traversal vulnerability in Redhat Satellite and Spacewalk
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens.
network
low complexity
redhat CWE-22
critical
 9.8
9.8
2019-06-19 CVE-2019-11040 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
network
low complexity
php redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-06-19 CVE-2019-11039 Integer Overflow or Wraparound vulnerability in multiple products
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers.
network
low complexity
php redhat opensuse debian CWE-190
critical
 9.1
9.1
2019-06-14 CVE-2019-10126 Heap-based Buffer Overflow vulnerability in multiple products
A flaw was found in the Linux kernel.
network
low complexity
linux redhat canonical debian opensuse netapp CWE-122
critical
 9.8
9.8
2019-06-12 CVE-2019-3888 Information Exposure Through Log Files vulnerability in multiple products
A vulnerability was found in Undertow web server before 2.0.21.
network
low complexity
redhat netapp CWE-532
critical
 9.8
9.8
2019-06-12 CVE-2019-3873 Cross-site Scripting vulnerability in Redhat products
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML.
network
low complexity
redhat CWE-79
critical
 9.0
9.0
2019-06-07 CVE-2019-10160 Encoding Error vulnerability in multiple products
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.
network
low complexity
python redhat debian opensuse fedoraproject canonical netapp CWE-172
critical
 9.8
9.8
2019-06-03 CVE-2019-11356 Out-of-bounds Write vulnerability in multiple products
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
network
low complexity
cyrus fedoraproject debian canonical redhat CWE-787
critical
 9.8
9.8