Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-11 | CVE-2018-18335 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-17481 | Use After Free vulnerability in multiple products Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
| 2018-12-11 | CVE-2018-17480 | Out-of-bounds Write vulnerability in multiple products Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2018-12-10 | CVE-2018-1000866 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM | 8.8 |
| 2018-12-10 | CVE-2018-1000865 | Improper Privilege Management vulnerability in multiple products A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. | 8.8 |
| 2018-12-10 | CVE-2018-1000863 | Path Traversal vulnerability in multiple products A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. | 8.2 |
| 2018-12-07 | CVE-2018-5805 | Out-of-bounds Write vulnerability in multiple products A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | 8.8 |
| 2018-12-07 | CVE-2018-5802 | Out-of-bounds Read vulnerability in multiple products An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 8.8 |
| 2018-12-06 | CVE-2018-9568 | Incorrect Type Conversion or Cast vulnerability in multiple products In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. | 7.8 |
| 2018-12-04 | CVE-2018-6101 | Improper Input Validation vulnerability in multiple products A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 7.5 |