Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Server Subscriptions
Total 1910 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-5094 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 6.5 Medium
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.
CVE-2017-5044 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 6.3 Medium
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5110 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 6.5 Medium
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
CVE-2017-5065 4 Apple, Google, Microsoft and 1 more 7 Macos, Chrome, Windows and 4 more 2024-08-05 4.7 Medium
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.
CVE-2017-5118 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 4.3 Medium
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5076 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2024-08-05 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5098 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 8.8 High
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5111 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2024-08-05 8.8 High
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5091 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 8.8 High
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5078 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2024-08-05 8.8 High
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-5116 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 8.8 High
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-5083 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2024-08-05 4.3 Medium
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 6.5 Medium
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5089 3 Apple, Google, Redhat 6 Macos, Chrome, Enterprise Linux Desktop and 3 more 2024-08-05 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2017-5056 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2024-08-05 8.8 High
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5105 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5070 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2024-08-05 8.8 High
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-5033 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 4.3 Medium
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
CVE-2017-5067 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2024-08-05 6.5 Medium
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-5037 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2024-08-05 7.8 High
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.