Vulnerabilities > Redhat > Enterprise Linux Workstation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7846 | Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. | 8.8 |
| 2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 7.5 |
| 2018-06-11 | CVE-2017-7814 | Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. | 7.8 |
| 2018-06-11 | CVE-2017-7807 | Improper Input Validation vulnerability in multiple products A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. | 8.1 |
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 7.5 |
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 8.8 |
| 2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 7.5 |
| 2018-06-11 | CVE-2017-7762 | Improper Input Validation vulnerability in multiple products When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. | 7.5 |
| 2018-06-11 | CVE-2017-7754 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. | 7.5 |
| 2018-06-11 | CVE-2017-7752 | Use After Free vulnerability in multiple products A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. | 8.8 |