Redhat Enterprise Linux Server vulnerabilities

CVE-2018-12396 [MEDIUM] CWE-732 CVE-2018-12396: A vulnerability where a WebExtension can run content scripts in disallowed contexts following naviga A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave

CVE-2019-5759 [CRITICAL] CWE-416 CVE-2019-5759: Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72. Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2019-5771 [HIGH] CVE-2019-5771: An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a rem An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2019-5758 [HIGH] CWE-787 CVE-2019-5758: Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remo Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5764 [HIGH] CWE-416 CVE-2019-5764: Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attac Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5780 [HIGH] CWE-20 CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 7 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

CVE-2019-5782 [HIGH] CWE-125 CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote att Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2019-5757 [HIGH] CWE-704 CVE-2019-5757: An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote a An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

CVE-2019-5760 [HIGH] CWE-416 CVE-2019-5760: Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a r Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5762 [HIGH] CWE-119 CVE-2019-5762: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowe Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

CVE-2019-5755 [HIGH] CWE-189 CVE-2019-5755: Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote at Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

CVE-2019-5761 [HIGH] CWE-787 CVE-2019-5761: Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5756 [HIGH] CWE-416 CVE-2019-5756: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowe Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

CVE-2019-5772 [HIGH] CWE-416 CVE-2019-5772: Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626. Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2019-5770 [HIGH] CWE-125 CVE-2019-5770: Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attac Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2019-5763 [HIGH] CWE-754 CVE-2019-5763: Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote atta Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5774 [HIGH] CWE-862 CVE-2019-5774: Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

CVE-2019-5769 [HIGH] CWE-20 CVE-2019-5769: Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5767 [MEDIUM] CWE-1021 CVE-2019-5767: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.8 Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.