Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-07 CVE-2019-14837 Use of Hard-coded Credentials vulnerability in Redhat Keycloak
A flaw was found in keycloack before version 8.0.0.
network
low complexity
redhat CWE-798
critical
 9.1
9.1
2020-01-02 CVE-2019-14859 Improper Verification of Cryptographic Signature vulnerability in multiple products
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding.
network
low complexity
python-ecdsa-project redhat CWE-347
critical
 9.1
9.1
2020-01-02 CVE-2019-10158 Session Fixation vulnerability in multiple products
A flaw was found in Infinispan through version 9.4.14.Final.
network
low complexity
infinispan redhat CWE-384
critical
 9.8
9.8
2019-12-15 CVE-2014-3699 Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server
eDeploy has RCE via cPickle deserialization of untrusted data
network
low complexity
redhat CWE-502
critical
 9.8
9.8
2019-12-13 CVE-2014-0175 Use of Hard-coded Credentials vulnerability in multiple products
mcollective has a default password set at install
network
low complexity
puppet redhat debian CWE-798
critical
 9.8
9.8
2019-12-10 CVE-2013-2167 Insufficient Verification of Data Authenticity vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
network
low complexity
openstack redhat debian CWE-345
critical
 9.8
9.8
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
network
low complexity
openstack redhat fedoraproject debian CWE-326
critical
 9.8
9.8
2019-12-06 CVE-2019-5544 Out-of-bounds Write vulnerability in multiple products
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue.
network
low complexity
vmware redhat openslp fedoraproject CWE-787
critical
 9.8
9.8
2019-12-06 CVE-2019-19334 Out-of-bounds Write vulnerability in multiple products
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref".
network
low complexity
cesnet redhat fedoraproject CWE-787
critical
 9.8
9.8
2019-12-06 CVE-2019-19333 Out-of-bounds Write vulnerability in multiple products
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits".
network
low complexity
cesnet redhat CWE-787
critical
 9.8
9.8