Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2018-12549 Improper Input Validation vulnerability in multiple products
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
network
low complexity
eclipse redhat CWE-20
critical
9.8
2019-02-05 CVE-2018-18500 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements.
network
low complexity
mozilla canonical debian redhat CWE-416
critical
9.8
2019-02-05 CVE-2018-18501 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4.
network
low complexity
mozilla canonical debian redhat CWE-119
critical
9.8
2019-02-05 CVE-2018-18505 Improper Authentication vulnerability in multiple products
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation.
network
low complexity
mozilla canonical debian redhat CWE-287
critical
10.0
2019-01-18 CVE-2018-15982 Use After Free vulnerability in multiple products
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability.
network
low complexity
adobe redhat CWE-416
critical
9.8
2019-01-09 CVE-2018-16068 Improper Input Validation vulnerability in multiple products
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
critical
9.6
2019-01-09 CVE-2018-6127 Use After Free vulnerability in multiple products
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
critical
9.6
2018-12-19 CVE-2018-15127 Out-of-bounds Write vulnerability in multiple products
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
network
low complexity
libvnc-project canonical redhat debian CWE-787
critical
9.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
9.8
2018-12-04 CVE-2018-6152 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
network
low complexity
google redhat debian CWE-434
critical
9.6