Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-17476 | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17475 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17471 | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17468 | Information Exposure vulnerability in multiple products Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | 6.5 |
| 2018-11-14 | CVE-2018-17467 | Incomplete Cleanup vulnerability in multiple products Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2018-11-08 | CVE-2018-19108 | Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-08 | CVE-2018-19107 | Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-07 | CVE-2018-19058 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-11-02 | CVE-2018-18897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-10-31 | CVE-2016-2125 | Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. | 6.5 |