Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-16082 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-16079 | Race Condition vulnerability in multiple products A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 5.3 |
| 2019-01-09 | CVE-2018-16078 | Information Exposure vulnerability in multiple products Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-16067 | Use After Free vulnerability in multiple products A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-16066 | Use After Free vulnerability in multiple products A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2019-01-03 | CVE-2018-16885 | A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. | 5.5 |
| 2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 5.3 |
| 2019-01-03 | CVE-2018-20662 | Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 6.5 |
| 2019-01-01 | CVE-2018-20650 | Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | 6.5 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 6.5 |