Redhat: Security Vulnerabilities
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
7.4
EPSS Score
0.015
Published
2019-01-09
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.024
Published
2019-01-09
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.014
Published
2019-01-09
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.013
Published
2019-01-09
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
9.6
EPSS Score
0.016
Published
2019-01-09
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
CVSS Score
8.8
EPSS Score
0.19
Published
2019-01-09
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-01-09
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.527
Published
2019-01-09
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-01-09
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
CVSS Score
4.7
EPSS Score
0.001
Published
2019-01-03