NotCVE - vendor:"Redhat" product:"Enterprise Linux Workstation"

Page 56 of 2001 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-6113 – chromium-browser: URL spoof in Navigation

https://notcve.org/view.php?id=CVE-2018-6113

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de las entradas de navegación pendientes en Navigation en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/805900 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6113 https://bugzilla.redhat.com/show_bug.cgi?id=1568793 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6117 – chromium-browser: Confusing autofill settings

https://notcve.org/view.php?id=CVE-2018-6117

Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Las opciones confusas en Autofill en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822465 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6117 https://bugzilla.redhat.com/show_bug.cgi?id=1568797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-17461

https://notcve.org/view.php?id=CVE-2018-17461

An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Una lectura fuera de límites en PDFium en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/874359 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0

CVE-2018-20662 – poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc

https://notcve.org/view.php?id=CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. En la versión 0.72.0 de Poppler, PDFDoc::setup en PDFDoc.cc permite a los atacantes remotos provocar una denegación de servicio (cierre inesperado de la aplicación provocado por un SIGABRT en Object.h debido a un valor de retorno incorrecto de PDFDoc::setup) manipulando un archivo PDF en el que la estructura de datos xref se maneja de manera incorrecta durante el procesamiento de extractPDFSubtype. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f https://gitlab.freedesktop.org/poppler/poppler/issues/706 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS https://li • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2018-20650 – poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

https://notcve.org/view.php?id=CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. Una aserción alcanzable en Object::dictLookup en Poppler 0.72.0 permite a los atacantes provocar una denegación de servicio (DoS) debido a la falta de comprobación del tipo de datos del directorio, tal y como queda demostrado con el uso de la clase FileSpec (en FileSpec.cc) en pdfdetach. • http://www.securityfocus.com/bid/106459 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 https://gitlab.freedesktop.org/poppler/poppler/issues/704 https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https:/ • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

1...54 55 56 57 58