Vulnerabilities > Redhat > Enterprise Linux Workstation > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-5156 Improper Input Validation vulnerability in multiple products
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
9.8
2018-10-18 CVE-2018-5188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8.
network
low complexity
debian canonical mozilla redhat CWE-119
critical
9.8
2018-10-17 CVE-2018-3183 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting).
network
high complexity
oracle redhat debian canonical hp
critical
9.0
2018-10-09 CVE-2018-14649 Unspecified vulnerability in Redhat products
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode.
network
low complexity
redhat
critical
9.8
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
9.8
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
9.8
2018-08-29 CVE-2018-12825 Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability.
network
low complexity
adobe redhat
critical
9.8
2018-08-29 CVE-2018-12828 Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability.
network
low complexity
adobe redhat
critical
9.8
2018-08-28 CVE-2017-15398 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google redhat debian CWE-119
critical
9.8
2018-08-26 CVE-2011-2767 Code Injection vulnerability in multiple products
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
network
low complexity
apache debian redhat canonical CWE-94
critical
9.8