Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-12 CVE-2018-20103 Infinite Loop vulnerability in multiple products
An issue was discovered in dns.c in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-835
7.5
7.5
2018-12-12 CVE-2018-20102 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-125
7.5
7.5
2018-12-11 CVE-2018-18359 Out-of-bounds Read vulnerability in multiple products
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian CWE-125
8.8
8.8
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
8.8
2018-12-11 CVE-2018-18354 Improper Input Validation vulnerability in multiple products
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
8.8
2018-12-11 CVE-2018-18347 Improper Input Validation vulnerability in multiple products
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
8.8
2018-12-11 CVE-2018-18343 Use After Free vulnerability in multiple products
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-11 CVE-2018-18342 Out-of-bounds Write vulnerability in multiple products
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
8.8
2018-12-11 CVE-2018-18341 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-12-11 CVE-2018-18340 Use After Free vulnerability in multiple products
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8