Vulnerabilities > Redhat > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2019-12-10 | CVE-2013-2166 | Inadequate Encryption Strength vulnerability in multiple products | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | network | low | openstack, redhat, fedoraproject, debian | CWE-326 | critical | 9.8 |
| 2019-12-06 | CVE-2019-5544 | Out-of-bounds Write vulnerability in multiple products | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. | network | low | vmware, redhat, openslp, fedoraproject | CWE-787 | critical | 9.8 |
| 2019-12-06 | CVE-2019-19334 | Out-of-bounds Write vulnerability in multiple products | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". | network | low | cesnet, redhat, fedoraproject | CWE-787 | critical | 9.8 |
| 2019-12-06 | CVE-2019-19333 | Out-of-bounds Write vulnerability in multiple products | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". | network | low | cesnet, redhat | CWE-787 | critical | 9.8 |
| 2019-11-27 | CVE-2011-2717 | Injection vulnerability in multiple products | The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | network | low | linux, redhat | CWE-74 | critical | 10.0 |
| 2019-11-27 | CVE-2019-14896 | Heap-based Buffer Overflow vulnerability in multiple products | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | network | low | linux, redhat, fedoraproject, canonical, debian | CWE-122 | critical | 9.8 |
| 2019-11-26 | CVE-2019-14842 | Incorrect Conversion between Numeric Types vulnerability in Redhat Libnbd | Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. | network | low | redhat | CWE-681 | critical | 9.8 |
| 2019-11-22 | CVE-2014-3585 | Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool | redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | network | low | redhat | CWE-347 | critical | 9.8 |
| 2019-11-17 | CVE-2019-19012 | Integer Overflow or Wraparound vulnerability in multiple products | An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | network | low | oniguruma-project, debian, fedoraproject, redhat | CWE-190 | critical | 9.8 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | network | low | apache, redhat | CWE-732 | critical | 9.8 |