Vulnerabilities > Redhat > Enterprise Linux Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-04 | CVE-2018-11784 | Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. | 4.3 |
| 2018-10-03 | CVE-2018-17972 | Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. | 5.5 |
| 2018-09-28 | CVE-2018-17581 | Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | 6.5 |
| 2018-09-27 | CVE-2018-14650 | It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. | 5.0 |
| 2018-09-25 | CVE-2018-6052 | Information Exposure vulnerability in multiple products Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | 4.3 |
| 2018-09-25 | CVE-2018-6051 | Cross-site Scripting vulnerability in multiple products XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | 4.3 |
| 2018-09-25 | CVE-2018-6050 | Improper Input Validation vulnerability in multiple products Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6049 | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6048 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | 4.3 |
| 2018-09-25 | CVE-2018-6047 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | 4.3 |