Vulnerabilities > Redhat > Enterprise Linux Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6114 Improper Input Validation vulnerability in multiple products
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6113 Improper Input Validation vulnerability in multiple products
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6112 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian redhat CWE-706
4.3
2019-01-09 CVE-2018-6110 Improper Input Validation vulnerability in multiple products
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
network
low complexity
google debian redhat CWE-20
5.4
2019-01-09 CVE-2018-6109 Information Exposure vulnerability in multiple products
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6100 Data Processing Errors vulnerability in multiple products
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6097 Data Processing Errors vulnerability in multiple products
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6096 Improper Input Validation vulnerability in multiple products
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6093 Information Exposure vulnerability in multiple products
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6091 Data Processing Errors vulnerability in multiple products
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
6.5