Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-6105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
2018-12-04 CVE-2018-6104 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
2018-12-04 CVE-2018-6103 A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
network
low complexity
redhat debian google
6.5
2018-12-04 CVE-2018-6102 Improper Input Validation vulnerability in multiple products
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
network
low complexity
redhat debian google CWE-20
4.3
2018-12-04 CVE-2018-6099 Information Exposure vulnerability in multiple products
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
network
low complexity
redhat debian google CWE-200
6.5
2018-12-04 CVE-2018-6098 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
2018-12-04 CVE-2018-6095 Information Exposure vulnerability in multiple products
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
network
low complexity
redhat debian google CWE-200
6.5
2018-12-04 CVE-2018-6089 Improper Input Validation vulnerability in multiple products
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
6.5
2018-12-04 CVE-2018-19841 Out-of-bounds Read vulnerability in multiple products
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
5.5
2018-12-02 CVE-2018-19787 Cross-site Scripting vulnerability in multiple products
An issue was discovered in lxml before 4.2.5.
network
low complexity
lxml debian canonical CWE-79
6.1