Search Results (Refine Search)
- CPE Product Version: cpe:/o:redhat:enterprise_linux_server:6.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-5068 |
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.1 MEDIUM |
CVE-2017-5067 |
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5066 |
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5065 |
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 4.7 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5063 |
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5062 |
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5061 |
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 2.6 LOW |
CVE-2017-5060 |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5059 |
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5057 |
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5056 |
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5054 |
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5053 |
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2017-5052 |
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. Published: October 27, 2017; 1:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-12159 |
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. Published: October 26, 2017; 1:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-12158 |
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. Published: October 26, 2017; 1:29:00 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-12613 |
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Published: October 23, 2017; 9:29:02 PM -0400 |
V3.1: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2017-11292 |
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. Published: October 22, 2017; 3:29:00 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.0 MEDIUM |
CVE-2017-10388 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Published: October 19, 2017; 1:29:05 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.1 MEDIUM |
CVE-2017-10357 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Published: October 19, 2017; 1:29:04 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |