Vulnerabilities > Redhat > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-11-29 | CVE-2018-15978 | Out-of-bounds Read vulnerability in multiple products | Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. | network | low | adobe, redhat | CWE-125 | 7.5 |
| 2018-11-28 | CVE-2018-12121 | Resource Exhaustion vulnerability in multiple products | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. | network | low | nodejs, redhat | CWE-400 | 7.5 |
| 2018-11-23 | CVE-2018-19477 | Incorrect Type Conversion or Cast vulnerability in multiple products | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | local | low | artifex, debian, canonical, redhat | CWE-704 | 7.8 |
| 2018-11-23 | CVE-2018-19476 | Incorrect Type Conversion or Cast vulnerability in multiple products | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | local | low | artifex, debian, canonical, redhat | CWE-704 | 7.8 |
| 2018-11-23 | CVE-2018-19475 | | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | local | low | artifex, debian, canonical, redhat | | 7.8 |
| 2018-11-16 | CVE-2018-16396 | | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. | network | high | ruby-lang, canonical, debian, redhat | | 8.1 |
| 2018-11-14 | CVE-2018-6083 | | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | network | low | google, redhat, debian | | 8.8 |
| 2018-11-14 | CVE-2018-6074 | Improper Input Validation vulnerability in multiple products | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | network | low | google, redhat, debian | CWE-20 | 8.8 |
| 2018-11-14 | CVE-2018-6073 | Out-of-bounds Write vulnerability in multiple products | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | network | low | google, redhat, debian | CWE-787 | 8.8 |
| 2018-11-14 | CVE-2018-6072 | Use After Free vulnerability in multiple products | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | network | low | google, redhat, debian | CWE-416 | 8.8 |