Vulnerabilities > Redhat > Enterprise Linux Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-0160 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
network
low complexity
tianocore opensuse fedoraproject redhat CWE-787
critical
9.8
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
9.1
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-18492 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
critical
9.8
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-18498 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value.
network
low complexity
mozilla debian canonical redhat CWE-190
critical
9.8
2019-02-19 CVE-2019-5759 Use After Free vulnerability in multiple products
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-416
critical
9.6