Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-23 | CVE-2019-9948 | Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 9.1 |
2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | 9.8 |
2019-02-28 | CVE-2018-12390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. | 9.8 |
2019-02-28 | CVE-2018-12392 | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. | 9.8 |
2019-02-28 | CVE-2018-12405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. | 9.8 |
2019-02-28 | CVE-2018-18492 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. | 9.8 |
2019-02-28 | CVE-2018-18493 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. | 9.8 |
2019-02-28 | CVE-2018-18498 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. | 9.8 |
2019-02-19 | CVE-2019-5759 | Use After Free vulnerability in multiple products Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2019-02-11 | CVE-2018-12547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. | 9.8 |