Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2018-5125 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. | 6.8 |
2018-06-11 | CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. | 5.0 |
2018-06-11 | CVE-2017-7848 | Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. | 5.0 |
2018-06-11 | CVE-2017-7847 | Information Exposure vulnerability in multiple products Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. | 4.3 |
2018-06-11 | CVE-2017-7846 | Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. | 6.8 |
2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 5.0 |
2018-06-11 | CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. | 4.3 |
2018-06-11 | CVE-2017-7829 | Improper Input Validation vulnerability in multiple products It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. | 5.0 |
2018-06-11 | CVE-2017-7825 | Improper Input Validation vulnerability in multiple products Several fonts on OS X display some Tibetan and Arabic characters as whitespace. | 5.0 |
2018-06-11 | CVE-2017-7823 | Cross-site Scripting vulnerability in multiple products The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. | 4.3 |