CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2018-6109 200 +Info 2019-01-09 2019-01-30
4.3
None Remote Medium Not required Partial None None
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
1302 CVE-2018-6108 2018-12-04 2019-10-03
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
1303 CVE-2018-6107 2018-12-04 2019-10-03
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
1304 CVE-2018-6106 19 2019-01-09 2019-01-30
6.8
None Remote Medium Not required Partial Partial Partial
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
1305 CVE-2018-6105 2018-12-04 2019-10-03
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
1306 CVE-2018-6104 2018-12-04 2019-10-03
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
1307 CVE-2018-6103 Bypass 2018-12-04 2020-08-24
4.3
None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
1308 CVE-2018-6102 20 2018-12-04 2019-03-01
4.3
None Remote Medium Not required None Partial None
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
1309 CVE-2018-6101 20 Exec Code 2018-12-04 2019-03-01
5.1
None Remote High Not required Partial Partial Partial
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
1310 CVE-2018-6100 19 2019-01-09 2019-01-30
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
1311 CVE-2018-6099 200 +Info 2018-12-04 2019-03-01
4.3
None Remote Medium Not required Partial None None
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
1312 CVE-2018-6098 2018-12-04 2019-10-03
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
1313 CVE-2018-6097 19 2019-01-09 2021-09-08
4.3
None Remote Medium Not required None Partial None
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
1314 CVE-2018-6096 20 2019-01-09 2019-01-30
4.3
None Remote Medium Not required None Partial None
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
1315 CVE-2018-6095 200 +Info 2018-12-04 2019-03-01
4.3
None Remote Medium Not required Partial None None
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
1316 CVE-2018-6094 787 2018-12-04 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1317 CVE-2018-6093 200 +Info 2019-01-09 2019-01-29
4.3
None Remote Medium Not required Partial None None
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
1318 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1319 CVE-2018-6091 19 2019-01-09 2019-01-30
4.3
None Remote Medium Not required Partial None None
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
1320 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1321 CVE-2018-6089 20 2018-12-04 2019-03-01
4.3
None Remote Medium Not required Partial None None
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
1322 CVE-2018-6088 20 Exec Code 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
1323 CVE-2018-6087 416 Exec Code 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1324 CVE-2018-6086 416 Exec Code 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1325 CVE-2018-6085 416 Exec Code 2018-12-04 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1326 CVE-2018-6084 20 Exec Code 2019-01-09 2021-09-08
7.2
None Local Low Not required Complete Complete Complete
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
1327 CVE-2018-6083 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
1328 CVE-2018-6082 200 +Info 2018-11-14 2018-12-27
4.3
None Remote Medium Not required Partial None None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
1329 CVE-2018-6081 79 XSS 2018-11-14 2018-12-14
4.3
None Remote Medium Not required None Partial None
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
1330 CVE-2018-6080 269 2018-11-14 2019-10-03
4.3
None Remote Medium Not required Partial None None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
1331 CVE-2018-6079 200 +Info 2018-11-14 2018-12-26
4.3
None Remote Medium Not required Partial None None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
1332 CVE-2018-6078 20 2018-11-14 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
1333 CVE-2018-6077 200 +Info 2018-11-14 2018-12-21
4.3
None Remote Medium Not required Partial None None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
1334 CVE-2018-6076 79 XSS 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
1335 CVE-2018-6075 200 +Info 2018-11-14 2018-12-19
4.3
None Remote Medium Not required Partial None None
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
1336 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
1337 CVE-2018-6073 787 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
1338 CVE-2018-6072 787 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
1339 CVE-2018-6071 125 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1340 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-03
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
1341 CVE-2018-6069 125 Overflow 2018-11-14 2020-08-24
4.3
None Remote Medium Not required Partial None None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1342 CVE-2018-6068 20 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
1343 CVE-2018-6067 125 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1344 CVE-2018-6066 200 +Info 2018-11-14 2018-12-19
4.3
None Remote Medium Not required Partial None None
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
1345 CVE-2018-6065 787 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1346 CVE-2018-6064 704 2018-11-14 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1347 CVE-2018-6063 787 2018-11-14 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
1348 CVE-2018-6062 787 Overflow 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
1349 CVE-2018-6061 362 2018-11-14 2018-12-19
5.1
None Remote High Not required Partial Partial Partial
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1350 CVE-2018-6060 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Total number of vulnerabilities : 3974   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.