Redhat

Enterprise Linux Desktop

1928 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-18345

  • EPSS 0.75%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

4.3

CVE-2018-18348

  • EPSS 0.95%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:45

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5

CVE-2018-18349

  • EPSS 0.53%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chr...

6.5

CVE-2018-18350

  • EPSS 0.65%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5

CVE-2018-18351

  • EPSS 0.75%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

6.5

CVE-2018-18352

  • EPSS 0.77%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

6.5

CVE-2018-18353

  • EPSS 1.27%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

8.8

CVE-2018-18354

  • EPSS 1.62%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

4.3

CVE-2018-18355

  • EPSS 0.95%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

8.8

CVE-2018-18356

  • EPSS 2.61%
  • Published 11.12.2018 16:29:01
  • Last modified 21.11.2024 03:55:46

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.