Vulnerabilities > Redhat > Enterprise Linux Server TUS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-12389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. | 6.8 |
| 2019-02-20 | CVE-2019-7164 | SQL Injection vulnerability in multiple products SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | 7.5 |
| 2019-02-15 | CVE-2019-6974 | Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | 8.1 |
| 2019-02-12 | CVE-2019-8308 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 4.4 |
| 2019-02-09 | CVE-2019-7665 | Out-of-bounds Read vulnerability in multiple products In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. | 4.3 |
| 2019-02-09 | CVE-2019-7664 | Out-of-bounds Write vulnerability in multiple products In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. | 5.5 |
| 2019-02-06 | CVE-2019-7548 | SQL Injection vulnerability in multiple products SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | 6.8 |
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 7.5 |
| 2019-02-05 | CVE-2018-18500 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. | 7.5 |