Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5167 | Improper Input Validation vulnerability in multiple products The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. | 4.3 |
| 2018-06-11 | CVE-2018-5166 | Improper Privilege Management vulnerability in multiple products WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. | 5.0 |
| 2018-06-11 | CVE-2018-5164 | Cross-site Scripting vulnerability in multiple products Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. | 4.3 |
| 2018-06-11 | CVE-2018-5163 | Improper Preservation of Permissions vulnerability in multiple products If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. | 5.1 |
| 2018-06-11 | CVE-2018-5162 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through the src attribute of remote images, or links. | 5.0 |
| 2018-06-11 | CVE-2018-5161 | Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. | 4.3 |
| 2018-06-11 | CVE-2018-5160 | Use After Free vulnerability in multiple products WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. | 5.0 |
| 2018-06-11 | CVE-2018-5158 | Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. | 6.8 |
| 2018-06-11 | CVE-2018-5157 | Information Exposure vulnerability in multiple products Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. | 5.0 |
| 2018-06-11 | CVE-2018-5153 | Out-of-bounds Read vulnerability in multiple products If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. | 5.0 |