Vulnerabilities > Redhat > Enterprise Linux FOR Scientific Computing > 6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-10 | CVE-2019-13728 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2019-12-10 | CVE-2019-13727 | Improper Preservation of Permissions vulnerability in multiple products Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 8.8 |
| 2019-12-10 | CVE-2019-13726 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
| 2019-12-10 | CVE-2019-13725 | Use After Free vulnerability in multiple products Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
| 2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
| 2017-08-09 | CVE-2015-3405 | Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | 7.5 |
| 2016-12-22 | CVE-2016-9675 | Out-of-bounds Write vulnerability in multiple products openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. | 7.8 |
| 2016-06-13 | CVE-2016-2818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 8.8 |
| 2014-09-25 | CVE-2014-7169 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 9.8 |
| 2014-09-24 | CVE-2014-6271 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | 9.8 |