Vulnerabilities > Redhat > Enterprise Linux Server > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18492 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
7.5
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla canonical debian redhat CWE-119
7.5
2019-02-28 CVE-2018-12392 Unspecified vulnerability in Mozilla Firefox and Firefox ESR
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-19 CVE-2019-5782 Out-of-bounds Write vulnerability in multiple products
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-787
8.8
2019-02-19 CVE-2019-5780 Improper Input Validation vulnerability in multiple products
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
local
low complexity
google redhat debian fedoraproject CWE-20
7.8
2019-02-19 CVE-2019-5774 Missing Authorization vulnerability in multiple products
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
network
low complexity
google debian redhat fedoraproject CWE-862
8.8
2019-02-19 CVE-2019-5772 Use After Free vulnerability in multiple products
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian redhat fedoraproject CWE-416
8.8
2019-02-19 CVE-2019-5771 An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google redhat fedoraproject
8.8
2019-02-19 CVE-2019-5770 Out-of-bounds Read vulnerability in multiple products
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-125
8.8