Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-17 | CVE-2018-18445 | Out-of-bounds Read vulnerability in multiple products In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. | 7.8 |
2018-10-15 | CVE-2018-17961 | Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. | 8.6 |
2018-10-09 | CVE-2018-17963 | Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
2018-10-08 | CVE-2018-1000807 | Use After Free vulnerability in multiple products Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. | 8.1 |
2018-10-06 | CVE-2018-17456 | Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | 7.5 |
2018-09-28 | CVE-2018-14648 | Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. | 7.8 |
2018-09-25 | CVE-2018-14634 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. | 7.8 |
2018-09-25 | CVE-2018-6054 | Use After Free vulnerability in multiple products Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2018-09-25 | CVE-2018-6043 | Improper Input Validation vulnerability in multiple products Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. | 8.8 |
2018-09-25 | CVE-2018-6035 | Information Exposure vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 8.8 |