Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 7.5 |
| 2018-06-11 | CVE-2016-9905 | Improper Access Control vulnerability in multiple products A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. | 8.8 |
| 2018-06-11 | CVE-2016-9904 | Information Exposure vulnerability in multiple products An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. | 7.5 |
| 2018-06-11 | CVE-2016-9902 | Origin Validation Error vulnerability in multiple products The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. | 7.5 |
| 2018-06-11 | CVE-2016-9900 | 7PK - Security Features vulnerability in multiple products External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. | 7.5 |
| 2018-06-11 | CVE-2016-9897 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. | 7.5 |
| 2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 7.5 |
| 2018-06-08 | CVE-2018-12020 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. | 7.5 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2018-06-01 | CVE-2016-1000338 | Improper Verification of Cryptographic Signature vulnerability in multiple products In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. | 7.5 |