Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-6094 Out-of-bounds Write vulnerability in multiple products
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
8.8
2018-12-04 CVE-2018-6092 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-12-04 CVE-2018-6090 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-12-04 CVE-2018-6088 Improper Input Validation vulnerability in multiple products
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
network
low complexity
google redhat debian CWE-20
8.8
8.8
2018-12-04 CVE-2018-6087 Use After Free vulnerability in multiple products
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-04 CVE-2018-6086 Use After Free vulnerability in multiple products
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-04 CVE-2018-6085 Use After Free vulnerability in multiple products
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-03 CVE-2018-16863 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.
local
low complexity
artifex redhat
7.8
7.8
2018-11-30 CVE-2018-16476 Deserialization of Untrusted Data vulnerability in multiple products
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.
network
low complexity
rubyonrails redhat CWE-502
7.5
7.5
2018-11-30 CVE-2018-14637 Improper Authentication vulnerability in Redhat Keycloak
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions.
network
high complexity
redhat CWE-287
8.1
8.1