Security Measurement
Days of Risk Report (automatically generated)
This is a sample report run from the publicly available data sets. Other example reports are also available, or alternatively run your own with the programs provided.
Product: Red Hat Enterprise Linux 8 (all packages)
CPE: cpe:/o:redhat:enterprise_linux:8
Starting date: 20190507
Ending date: 20210420
For Severity: Critical
24 issues with half of all issues (median) fixed within 5.5 days. Average of 21.1 days.
CVE | RHSA | Description | Severity | Public | Fixed | Days |
---|---|---|---|---|---|---|
CVE-2020-27221 | RHSA-2021:0736 | In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | C | 20210212 | 20210304 | 20 |
CVE-2020-16044 | RHSA-2021:0052 RHSA-2021:0089 | Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | C | 20210106 | 20210111 | 5 |
CVE-2020-26950 | RHSA-2020:5100 RHSA-2020:5146 | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | C | 20201109 | 20201112 | 3 |
CVE-2020-1147 | RHSA-2020:2938 RHSA-2020:2954 | A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | C | 20200714 | 20200715 | 1 |
CVE-2020-12387 | RHSA-2020:2031 RHSA-2020:2046 | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | C | 20200505 | 20200506 | 1 |
CVE-2020-12395 | RHSA-2020:2031 RHSA-2020:2046 | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | C | 20200505 | 20200506 | 1 |
CVE-2020-6819 | RHSA-2020:1341 RHSA-2020:1495 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | C | 20200403 | 20200407 | 4 |
CVE-2020-6820 | RHSA-2020:1341 RHSA-2020:1495 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | C | 20200403 | 20200407 | 4 |
CVE-2020-11100 | RHSA-2020:1288 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | C | 20200402 | 20200402 | 0 |
CVE-2020-0603 | RHSA-2020:0130 | A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. | C | 20200114 | 20200116 | 2 |
CVE-2019-17026 | RHSA-2020:0111 RHSA-2020:0127 | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. | C | 20200108 | 20200114 | 6 |
CVE-2019-11043 | RHSA-2019:3735 RHSA-2019:3736 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | C | 20191024 | 20191106 | 13 |
CVE-2019-11764 | RHSA-2019:3196 RHSA-2019:3237 | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | C | 20191022 | 20191024 | 2 |
CVE-2019-11709 | RHSA-2019:1764 RHSA-2019:1799 | Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | C | 20190710 | 20190711 | 1 |
CVE-2019-11707 | RHSA-2019:1623 RHSA-2019:1696 | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | C | 20190619 | 20190627 | 8 |
CVE-2019-9800 | RHSA-2019:1269 RHSA-2019:1308 | Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | C | 20190522 | 20190523 | 1 |
CVE-2018-12547 | RHSA-2019:1238 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. | C | 20190301 | 20190516 | 76 |
CVE-2018-12549 | RHSA-2019:1238 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | C | 20190301 | 20190516 | 76 |
CVE-2019-9788 | RHSA-2019:0966 RHSA-2019:1144 | Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | C | 20190320 | 20190507 | 48 |
CVE-2019-9790 | RHSA-2019:0966 RHSA-2019:1144 | A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | C | 20190320 | 20190507 | 48 |
CVE-2019-9791 | RHSA-2019:0966 RHSA-2019:1144 | The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | C | 20190320 | 20190507 | 48 |
CVE-2019-9792 | RHSA-2019:0966 RHSA-2019:1144 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | C | 20190320 | 20190507 | 48 |
CVE-2019-9810 | RHSA-2019:0966 RHSA-2019:1144 | Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | C | 20190322 | 20190507 | 46 |
CVE-2019-9813 | RHSA-2019:0966 RHSA-2019:1144 | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | C | 20190322 | 20190507 | 46 |
Notes:
- This report is for illustrative purposes only and has been generated automatically. You are advised to check the report and data for accuracy if you are relying on its contents.
- The date an issue was first known to the public is based on data collected by Red Hat, Steven Christey, and third-party researchers. The date an issue was fixed is parsed from data supplied by Red Hat Network with additional data from the archives of Red Hat mailing lists. The raw data is available
- The description (where supplied) is taken verbatim from the CVE dictionary.
- Dates are based on the UTC time zone where possible. The actual time of day an advisory is released and an issue becomes public is not taken into account, therefore some issues that say "1 day" are actually less than 24 hours. "0 day" means 'on the same date'.