Vulnerabilities > Redhat > Enterprise Linux Workstation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2016-9651 | Code Injection vulnerability in multiple products A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 5.3 |
| 2019-01-03 | CVE-2018-20662 | Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 6.5 |
| 2019-01-01 | CVE-2018-20650 | Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | 6.5 |
| 2018-12-20 | CVE-2018-19134 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. | 7.8 |
| 2018-12-20 | CVE-2018-1000878 | Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. | 8.8 |
| 2018-12-20 | CVE-2018-1000877 | Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. | 8.8 |
| 2018-12-20 | CVE-2018-1000876 | Integer Overflow or Wraparound vulnerability in multiple products binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. | 7.8 |
| 2018-12-19 | CVE-2018-15127 | Out-of-bounds Write vulnerability in multiple products LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution | 9.8 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 6.5 |