Vulnerabilities > Redhat > Enterprise Linux Workstation > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-15 CVE-2018-17961 Information Exposure Through an Error Message vulnerability in multiple products
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
local
low complexity
artifex debian canonical redhat CWE-209
8.6
8.6
2018-10-09 CVE-2018-18074 Insufficiently Protected Credentials vulnerability in multiple products
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
network
low complexity
python canonical opensuse redhat CWE-522
7.5
7.5
2018-10-08 CVE-2018-1000807 Use After Free vulnerability in multiple products
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution..
network
high complexity
pyopenssl canonical redhat CWE-416
8.1
8.1
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
8.8
2018-09-25 CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.
local
low complexity
linux redhat canonical netapp
7.8
7.8
2018-09-25 CVE-2018-6054 Use After Free vulnerability in multiple products
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-09-25 CVE-2018-6043 Improper Input Validation vulnerability in multiple products
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
8.8
8.8
2018-09-25 CVE-2018-6035 Information Exposure vulnerability in multiple products
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-200
8.8
8.8
2018-09-25 CVE-2018-6034 Out-of-bounds Read vulnerability in multiple products
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
8.1
8.1
2018-09-25 CVE-2018-6033 Improper Input Validation vulnerability in multiple products
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-20
8.8
8.8