Redhat Enterprise Linux Workstation vulnerabilities

CVE-2019-5766 [MEDIUM] CVE-2019-5766: Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2019-5754 [MEDIUM] CWE-327 CVE-2019-5754: Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker r Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

CVE-2019-5775 [MEDIUM] CVE-2019-5775: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allow Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2019-5773 [MEDIUM] CWE-346 CVE-2019-5773: Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

CVE-2019-5778 [MEDIUM] CWE-79 CVE-2019-5778: A missing case for handling special schemes in permission request checks in Extensions in Google Chr A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

CVE-2019-5779 [MEDIUM] CWE-862 CVE-2019-5779: Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a rem Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2019-5768 [MEDIUM] CWE-269 CVE-2019-5768: DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

CVE-2019-5781 [MEDIUM] CVE-2019-5781: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allow Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2019-5765 [MEDIUM] CWE-312 CVE-2019-5765: An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allow An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

CVE-2019-8383 [HIGH] CWE-119 CVE-2019-8383: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

CVE-2019-8379 [HIGH] CWE-476 CVE-2019-8379: An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the functio An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted

CVE-2019-6974 [HIGH] CWE-362 CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles referen In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

CVE-2019-8308 [HIGH] CWE-668 CVE-2019-8308: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sand Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

CVE-2018-12549 [CRITICAL] CWE-111 CVE-2018-12549: In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the r In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

CVE-2018-12547 [CRITICAL] CWE-20 CVE-2018-12547: In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native method In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

CVE-2019-7664 [MEDIUM] CWE-787 CVE-2019-7664: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h becau In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

CVE-2019-7665 [MEDIUM] CWE-125 CVE-2019-7665: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in el In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

CVE-2018-18500 [CRITICAL] CWE-416 CVE-2018-18500: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML e A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

CVE-2018-18501 [CRITICAL] CWE-119 CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firef Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox <

CVE-2018-18505 [CRITICAL] CVE-2018-18505: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authenti An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later chann