CVEdetails.com the ultimate security vulnerability data source

Redhat » Enterprise Linux Server : Security Vulnerabilities (CVSS score between 4 and 4.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2018-6764 346 Exec Code Bypass 2018-02-23 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
102 CVE-2018-6574 94 Exec Code 2018-02-07 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
103 CVE-2018-6560 436 2018-02-02 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
104 CVE-2018-6179 200 +Info 2019-01-09 2019-01-16
4.3
None Remote Medium Not required Partial None None
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
105 CVE-2018-6178 254 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
106 CVE-2018-6175 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
107 CVE-2018-6173 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
108 CVE-2018-6172 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
109 CVE-2018-6169 20 2019-01-09 2019-01-15
4.3
None Remote Medium Not required None Partial None
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
110 CVE-2018-6167 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
111 CVE-2018-6166 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
112 CVE-2018-6165 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
113 CVE-2018-6164 200 +Info 2019-01-09 2019-01-14
4.3
None Remote Medium Not required Partial None None
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
114 CVE-2018-6163 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
115 CVE-2018-6143 125 2019-01-09 2019-01-15
4.3
None Remote Medium Not required None None Partial
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
116 CVE-2018-6137 200 +Info 2019-01-09 2019-01-14
4.3
None Remote Medium Not required Partial None None
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
117 CVE-2018-6135 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
118 CVE-2018-6123 416 2019-01-09 2019-01-14
4.3
None Remote Medium Not required None None Partial
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
119 CVE-2018-6117 200 +Info 2019-01-09 2019-01-15
4.3
None Remote Medium Not required Partial None None
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
120 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
121 CVE-2018-6113 20 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
122 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
123 CVE-2018-6082 200 +Info 2018-11-14 2018-12-27
4.3
None Remote Medium Not required Partial None None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
124 CVE-2018-6080 269 2018-11-14 2019-10-02
4.3
None Remote Medium Not required Partial None None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
125 CVE-2018-6079 200 +Info 2018-11-14 2018-12-26
4.3
None Remote Medium Not required Partial None None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
126 CVE-2018-6078 20 2018-11-14 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
127 CVE-2018-6077 200 +Info 2018-11-14 2018-12-21
4.3
None Remote Medium Not required Partial None None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
128 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
129 CVE-2018-6053 200 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
130 CVE-2018-6052 200 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Lack of support for a non-standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
131 CVE-2018-6051 79 XSS 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
132 CVE-2018-6050 20 2018-09-25 2018-11-20
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
133 CVE-2018-6049 2018-09-25 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
134 CVE-2018-6048 20 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
135 CVE-2018-6047 20 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
136 CVE-2018-6046 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
137 CVE-2018-6045 200 +Info 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
138 CVE-2018-6042 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
139 CVE-2018-6041 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
140 CVE-2018-6040 732 Bypass 2018-09-25 2019-10-02
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
141 CVE-2018-6039 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
142 CVE-2018-6038 125 Overflow 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None None Partial
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
143 CVE-2018-6037 200 +Info 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
144 CVE-2018-6036 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
145 CVE-2018-6032 20 2018-09-25 2018-11-13
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
146 CVE-2018-5848 190 Overflow 2018-06-12 2019-05-02
4.6
None Local Low Not required Partial Partial Partial
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
147 CVE-2018-5806 476 2018-12-07 2018-12-28
4.3
None Remote Medium Not required None None Partial
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
148 CVE-2018-5801 476 2018-12-07 2019-03-29
4.3
None Remote Medium Not required None None Partial
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
149 CVE-2018-5800 119 Overflow 2018-12-07 2019-03-29
4.3
None Remote Medium Not required None None Partial
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
150 CVE-2018-5185 311 2018-06-11 2019-10-02
4.3
None Remote Medium Not required Partial None None
Plaintext of decrypted emails can leak when a user submits an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Total number of vulnerabilities: 272 (page 3 of 6)