Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-17458 | Improper Validation of Array Index vulnerability in multiple products An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2018-16083 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2018-16081 | Missing Authorization vulnerability in multiple products Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. | 7.4 |
| 2019-01-09 | CVE-2018-16076 | Out-of-bounds Read vulnerability in multiple products Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 8.8 |
| 2019-01-09 | CVE-2018-16071 | Use After Free vulnerability in multiple products A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 8.8 |
| 2019-01-09 | CVE-2018-16065 | Use After Free vulnerability in multiple products A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2016-9651 | Code Injection vulnerability in multiple products A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | 8.8 |
| 2018-12-21 | CVE-2018-20346 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | 8.1 |
| 2018-12-20 | CVE-2018-19134 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. | 7.8 |