Enterprise Linux Server EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-7848	Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. network low complexity mozilla redhat debian CWE-74	5.3
2018-06-11	CVE-2017-7846	Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. network low complexity redhat debian mozilla CWE-74	8.8
2018-06-11	CVE-2017-7843	Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. network low complexity debian mozilla redhat CWE-200	7.5
2018-06-11	CVE-2017-7830	The Resource Timing API incorrectly revealed navigations in cross-origin iframes. network low complexity debian mozilla redhat	6.5
2018-06-11	CVE-2017-7828	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. network low complexity debian redhat mozilla CWE-416 critical	9.8
2018-06-11	CVE-2017-7826	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. network low complexity debian redhat canonical mozilla CWE-119 critical	9.8
2018-06-11	CVE-2017-7823	Cross-site Scripting vulnerability in multiple products The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. network low complexity redhat debian mozilla CWE-79	5.4
2018-06-11	CVE-2017-7819	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. network low complexity redhat debian mozilla CWE-416 critical	9.8
2018-06-11	CVE-2017-7818	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. network low complexity redhat debian mozilla CWE-416 critical	9.8
2018-06-11	CVE-2017-7814	Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. local low complexity redhat mozilla debian CWE-20	7.8