Vulnerabilities > Redhat > Enterprise Linux FOR Scientific Computing > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-10 | CVE-2019-13742 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-12-10 | CVE-2019-13740 | Origin Validation Error vulnerability in multiple products Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13739 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
| 2019-12-10 | CVE-2019-13738 | Improper Privilege Management vulnerability in multiple products Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13737 | Information Exposure vulnerability in multiple products Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
| 2018-01-09 | CVE-2017-15129 | Race Condition vulnerability in multiple products A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. | 4.7 |
| 2016-07-12 | CVE-2016-5009 | Improper Input Validation vulnerability in Redhat products The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | 6.5 |
| 2013-05-16 | CVE-2013-1675 | Improper Initialization vulnerability in multiple products Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 6.5 |