Redhat Enterprise Linux Desktop vulnerabilities
1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.
Total CVEs
1,928
CISA KEV
56
actively exploited
Public exploits
141
Exploited in wild
61
Severity breakdown
CRITICAL345HIGH708MEDIUM756LOW119
Vulnerabilities
Page 17 of 97
CVE-2018-6097MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6097 [MEDIUM] CWE-19 CVE-2018-6097: Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.335
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
nvd
CVE-2018-6110MEDIUMCVSS 5.4v6.02019-01-09
CVE-2018-6110 [MEDIUM] CWE-20 CVE-2018-6110: Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote atta
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
nvd
CVE-2018-16078MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-16078 [MEDIUM] CWE-200 CVE-2018-16078: Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2018-6147MEDIUMCVSS 5.5v6.02019-01-09
CVE-2018-6147 [MEDIUM] CWE-200 CVE-2018-6147: Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
nvd
CVE-2018-6112MEDIUMCVSS 4.3v6.02019-01-09
CVE-2018-6112 [MEDIUM] CWE-706 CVE-2018-6112: Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2018-16067MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-16067 [MEDIUM] CWE-416 CVE-2018-16067: A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to pot
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6164MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6164 [MEDIUM] CWE-200 CVE-2018-6164: Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-16082MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-16082 [MEDIUM] CWE-125 CVE-2018-16082: An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacke
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2018-6091MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6091 [MEDIUM] CWE-19 CVE-2018-6091: Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6166MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6166 [MEDIUM] CVE-2018-6166: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-17459MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-17459 [MEDIUM] CVE-2018-17459: Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 all
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6175MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6175 [MEDIUM] CVE-2018-6175: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-16084MEDIUMCVSS 6.1v6.02019-01-09
CVE-2018-16084 [MEDIUM] CWE-79 CVE-2018-16084: The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
nvd
CVE-2018-6163MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6163 [MEDIUM] CVE-2018-6163: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-6114MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6114 [MEDIUM] CWE-20 CVE-2018-6114: Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allo
Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2018-6178MEDIUMCVSS 4.3v6.02019-01-09
CVE-2018-6178 [MEDIUM] CWE-1021 CVE-2018-6178: Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
nvd
CVE-2018-6169MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6169 [MEDIUM] CWE-20 CVE-2018-6169: Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 all
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
nvd
CVE-2018-6167MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6167 [MEDIUM] CVE-2018-6167: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-6113MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6113 [MEDIUM] CWE-20 CVE-2018-6113: Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2018-6143MEDIUMCVSS 6.5v6.02019-01-09
CVE-2018-6143 [MEDIUM] CWE-125 CVE-2018-6143: Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to pe
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd