Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. | 5.3 |
2018-06-11 | CVE-2017-7848 | Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. | 5.3 |
2018-06-11 | CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. | 6.5 |
2018-06-11 | CVE-2017-7823 | Cross-site Scripting vulnerability in multiple products The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. | 5.4 |
2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. | 5.3 |
2018-06-11 | CVE-2017-5466 | Cross-site Scripting vulnerability in multiple products If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. | 6.1 |
2018-06-11 | CVE-2017-5451 | Improper Input Validation vulnerability in multiple products A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. | 4.3 |
2018-06-11 | CVE-2017-5408 | Information Exposure vulnerability in multiple products Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. | 5.3 |
2018-06-11 | CVE-2017-5407 | Information Exposure vulnerability in multiple products Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. | 6.5 |
2018-06-11 | CVE-2017-5405 | DEPRECATED: Use of Uninitialized Resource vulnerability in multiple products Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. | 5.3 |