Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-6078 | Improper Input Validation vulnerability in multiple products Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
| 2018-11-14 | CVE-2018-6077 | Information Exposure vulnerability in multiple products Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2018-11-14 | CVE-2018-6070 | Cross-site Scripting vulnerability in multiple products Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | 6.1 |
| 2018-11-14 | CVE-2018-17477 | Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17476 | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17475 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17471 | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 4.3 |
| 2018-11-14 | CVE-2018-17468 | Information Exposure vulnerability in multiple products Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | 6.5 |
| 2018-11-14 | CVE-2018-17467 | Incomplete Cleanup vulnerability in multiple products Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2018-11-08 | CVE-2018-19108 | Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 6.5 |