Vulnerabilities > Redhat > Enterprise Linux Server

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-17480 Out-of-bounds Write vulnerability in multiple products
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
8.8
2018-12-07 CVE-2018-5806 NULL Pointer Dereference vulnerability in multiple products
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
network
low complexity
libraw redhat CWE-476
6.5
6.5
2018-12-07 CVE-2018-5805 Out-of-bounds Write vulnerability in multiple products
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
network
low complexity
libraw redhat CWE-787
8.8
8.8
2018-12-07 CVE-2018-5802 Out-of-bounds Read vulnerability in multiple products
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
network
low complexity
libraw redhat canonical debian CWE-125
8.8
8.8
2018-12-07 CVE-2018-5801 NULL Pointer Dereference vulnerability in multiple products
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
network
low complexity
libraw redhat canonical debian CWE-476
6.5
6.5
2018-12-07 CVE-2018-5800 Off-by-one Error vulnerability in multiple products
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
network
low complexity
libraw redhat canonical debian CWE-193
6.5
6.5
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
 9.8
9.8
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8
7.8
2018-12-04 CVE-2018-6152 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
network
low complexity
google redhat debian CWE-434
critical
 9.6
9.6
2018-12-03 CVE-2018-16863 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.
local
low complexity
artifex redhat
7.8
7.8