U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
  • CPE Name Search: true
There are 1,211 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

Published: February 19, 2019; 12:29:01 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: February 19, 2019; 12:29:01 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-5764

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5763

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5762

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5761

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5756

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5755

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-5754

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

Published: February 19, 2019; 12:29:00 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

Published: February 11, 2019; 10:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

Published: February 11, 2019; 10:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

Published: February 05, 2019; 4:29:00 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-18505

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Published: February 05, 2019; 4:29:00 PM -0500
V3.0: 10.0 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Published: February 05, 2019; 4:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Published: February 05, 2019; 4:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH