Enterprise Linux Server

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5097	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. network low complexity debian redhat mozilla canonical CWE-416 critical	9.8
2018-06-11	CVE-2018-5096	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. network low complexity debian redhat mozilla CWE-416 critical	9.8
2018-06-11	CVE-2018-5095	Use of Uninitialized Resource vulnerability in multiple products An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. network low complexity debian redhat mozilla canonical CWE-908 critical	9.8
2018-06-11	CVE-2018-5091	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. network low complexity debian redhat mozilla canonical CWE-416 critical	9.8
2018-06-11	CVE-2018-5089	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. network low complexity canonical redhat debian mozilla CWE-119 critical	9.8
2018-06-11	CVE-2017-7848	Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. network low complexity mozilla redhat debian CWE-74	5.3
2018-06-11	CVE-2017-7847	Information Exposure vulnerability in multiple products Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. network low complexity debian redhat mozilla CWE-200	4.3
2018-06-11	CVE-2017-7846	Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. network low complexity redhat debian mozilla CWE-74	8.8
2018-06-11	CVE-2017-7843	Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. network low complexity debian mozilla redhat CWE-200	7.5
2018-06-11	CVE-2017-7830	The Resource Timing API incorrectly revealed navigations in cross-origin iframes. network low complexity debian mozilla redhat	6.5