Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2019-02-11 | CVE-2018-12549 | Improper Input Validation vulnerability in multiple products In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | 7.5 |
| 2019-02-11 | CVE-2018-12547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. | 7.5 |
| 2019-02-06 | CVE-2018-16890 | Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. | 7.5 |
| 2019-02-06 | CVE-2019-1003011 | Uncontrolled Recursion vulnerability in multiple products An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. | 8.1 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 7.5 |
| 2019-02-05 | CVE-2018-18501 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. | 7.5 |
| 2019-02-05 | CVE-2018-18500 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. | 7.5 |
| 2019-02-03 | CVE-2019-7310 | Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | 7.8 |
| 2019-01-28 | CVE-2018-16889 | Information Exposure Through Log Files vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. | 7.5 |