Vulnerabilities > Redhat > Enterprise Linux Workstation

DATE CVE VULNERABILITY TITLE RISK
2018-12-07 CVE-2018-5802 Out-of-bounds Read vulnerability in multiple products
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
network
low complexity
libraw redhat canonical debian CWE-125
8.8
2018-12-07 CVE-2018-5801 NULL Pointer Dereference vulnerability in multiple products
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
network
low complexity
libraw redhat canonical debian CWE-476
6.5
2018-12-07 CVE-2018-5800 Off-by-one Error vulnerability in multiple products
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
network
low complexity
libraw redhat canonical debian CWE-193
6.5
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
9.8
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8
2018-12-04 CVE-2018-6152 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The implementation of the Page.downloadBehavior backend in Google Chrome prior to 66.0.3359.117 unconditionally marked downloaded files as safe, regardless of file type, which allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
network
low complexity
google redhat debian CWE-434
critical
9.6
2018-12-03 CVE-2018-16863 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.
local
low complexity
artifex redhat
7.8
2018-11-29 CVE-2018-15981 Incorrect Type Conversion or Cast vulnerability in multiple products
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability.
network
low complexity
adobe redhat CWE-704
critical
9.8
2018-11-29 CVE-2018-15978 Out-of-bounds Read vulnerability in multiple products
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability.
network
low complexity
adobe redhat CWE-125
7.5
2018-11-29 CVE-2018-8787 Integer Overflow or Wraparound vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an integer overflow that leads to a heap-based buffer overflow in the function gdi_Bitmap_Decompress(), resulting in memory corruption and probably even remote code execution.
network
low complexity
freerdp canonical debian redhat CWE-190
critical
9.8