CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Redhat » Linux Desktop » 6.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-18359 125 2018-12-11 2019-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
2 CVE-2018-18347 20 2018-12-11 2019-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
3 CVE-2018-18346 2018-12-11 2020-08-24
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
4 CVE-2018-18343 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5 CVE-2018-18341 787 Overflow 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6 CVE-2018-18340 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7 CVE-2018-18339 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8 CVE-2018-18338 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9 CVE-2018-18337 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
10 CVE-2018-18336 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
11 CVE-2018-17481 787 2018-12-11 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
12 CVE-2018-17473 2018-11-14 2020-08-24
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
13 CVE-2018-17469 125 2018-11-14 2018-12-18
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
14 CVE-2018-17464 2018-11-14 2020-08-24
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
15 CVE-2018-17463 Exec Code 2018-11-14 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
16 CVE-2018-17462 416 2018-11-14 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
17 CVE-2018-6116 476 2018-12-04 2019-03-01
4.3
 None Remote Medium Not required None None Partial
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
18 CVE-2018-6108 2018-12-04 2019-10-03
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
19 CVE-2018-6107 2018-12-04 2019-10-03
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
20 CVE-2018-6105 2018-12-04 2019-10-03
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
21 CVE-2018-6104 2018-12-04 2019-10-03
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
22 CVE-2018-6103 Bypass 2018-12-04 2020-08-24
4.3
 None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
23 CVE-2018-6102 20 2018-12-04 2019-03-01
4.3
 None Remote Medium Not required None Partial None
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
24 CVE-2018-6101 20 Exec Code 2018-12-04 2019-03-01
5.1
 None Remote High Not required Partial Partial Partial
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
25 CVE-2018-6099 200 +Info 2018-12-04 2019-03-01
4.3
 None Remote Medium Not required Partial None None
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
26 CVE-2018-6098 2018-12-04 2019-10-03
4.3
 None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
27 CVE-2018-6095 200 +Info 2018-12-04 2019-03-01
4.3
 None Remote Medium Not required Partial None None
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
28 CVE-2018-6094 787 2018-12-04 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
29 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
30 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
31 CVE-2018-6089 20 2018-12-04 2019-03-01
4.3
 None Remote Medium Not required Partial None None
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
32 CVE-2018-6088 20 Exec Code 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
33 CVE-2018-6087 416 Exec Code 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
34 CVE-2018-6086 416 Exec Code 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
35 CVE-2018-6085 416 Exec Code 2018-12-04 2019-03-01
6.8
 None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
36 CVE-2018-6081 79 XSS 2018-11-14 2018-12-14
4.3
 None Remote Medium Not required None Partial None
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
37 CVE-2018-6076 79 XSS 2018-11-14 2018-12-19
4.3
 None Remote Medium Not required None Partial None
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
38 CVE-2018-6075 200 +Info 2018-11-14 2018-12-19
4.3
 None Remote Medium Not required Partial None None
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
39 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
 None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
40 CVE-2018-6073 787 Overflow 2018-11-14 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
41 CVE-2018-6072 787 Overflow 2018-11-14 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
42 CVE-2018-6071 125 Overflow 2018-11-14 2020-08-24
6.8
 None Remote Medium Not required Partial Partial Partial
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
43 CVE-2018-6069 125 Overflow 2018-11-14 2020-08-24
4.3
 None Remote Medium Not required Partial None None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
44 CVE-2018-6068 20 2018-11-14 2018-12-19
4.3
 None Remote Medium Not required None Partial None
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
45 CVE-2018-6066 200 +Info 2018-11-14 2018-12-19
4.3
 None Remote Medium Not required Partial None None
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.