Redhat Enterprise Linux Desktop Supplementary — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Linux Desktop Supplementary, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (84)
CVE-2015-3039 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2014-3188 — CVSS 10.0 (critical): Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which…
CVE-2015-3038 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0348 — CVSS 10.0 (critical): Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457…
CVE-2015-0349 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0350 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0351 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0352 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0353 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0354 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0355 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0360 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0358 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0346 — CVSS 10.0 (critical): Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0347 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-3042 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-3041 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2016-2051 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause…
CVE-2015-1276 — CVSS 9.8 (critical): Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome…
CVE-2016-1662 — CVSS 9.8 (critical): extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection…
CVE-2016-1666 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have…
CVE-2016-1663 — CVSS 8.8 (high): The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in…
CVE-2016-1660 — CVSS 8.8 (high): Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes…
CVE-2015-8540 — CVSS 8.8 (high): Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before…
CVE-2016-1661 — CVSS 8.0 (high): Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition…
CVE-2015-1218 — CVSS 7.5 (high): Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote…
CVE-2014-3189 — CVSS 7.5 (high): The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly…
CVE-2014-3190 — CVSS 7.5 (high): Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before…
CVE-2014-3191 — CVSS 7.5 (high): Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service…
CVE-2014-3192 — CVSS 7.5 (high): Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM…
CVE-2014-3193 — CVSS 7.5 (high): The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote…
CVE-2014-3194 — CVSS 7.5 (high): Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a…
CVE-2014-3200 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have…
CVE-2014-7923 — CVSS 7.5 (high): The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome…
CVE-2014-7926 — CVSS 7.5 (high): The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome…
CVE-2014-7942 — CVSS 7.5 (high): The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote…
CVE-2015-1214 — CVSS 7.5 (high): Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google…
CVE-2015-1215 — CVSS 7.5 (high): The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or…
CVE-2015-1216 — CVSS 7.5 (high): Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8…
CVE-2015-1217 — CVSS 7.5 (high): The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in…
CVE-2015-1219 — CVSS 7.5 (high): Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before…
CVE-2015-1228 — CVSS 7.5 (high): The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does…
CVE-2015-1230 — CVSS 7.5 (high): The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name…
CVE-2015-1231 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have…
CVE-2015-1243 — CVSS 7.5 (high): Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in…
CVE-2015-1250 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have…
CVE-2015-1272 — CVSS 7.5 (high): Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a…
CVE-2015-1277 — CVSS 7.5 (high): Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a…
CVE-2015-1279 — CVSS 7.5 (high): Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before…
CVE-2015-1280 — CVSS 7.5 (high): SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory…
CVE-2015-1284 — CVSS 7.5 (high): The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not…
CVE-2015-1289 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have…
CVE-2013-2231 — CVSS 7.2 (high): Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6…
CVE-2015-1273 — CVSS 6.8 (medium): Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote…
CVE-2015-1274 — CVSS 6.8 (medium): Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote…
CVE-2015-1271 — CVSS 6.8 (medium): PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote…
CVE-2013-5904 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown…
CVE-2015-1282 — CVSS 6.8 (medium): Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89…
CVE-2015-1288 — CVSS 6.8 (medium): The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary…
CVE-2013-5870 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-1220 — CVSS 6.8 (medium): Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used…
CVE-2015-1270 — CVSS 6.8 (medium): The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before…
CVE-2016-1665 — CVSS 6.5 (medium): The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles…
CVE-2013-5906 — CVSS 5.1 (medium): Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and…
CVE-2014-0418 — CVSS 5.1 (medium): Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability…
CVE-2014-3195 — CVSS 5.0 (medium): Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of…
CVE-2014-7943 — CVSS 5.0 (medium): Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via…
CVE-2014-7941 — CVSS 5.0 (medium): The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91…
CVE-2015-3044 — CVSS 5.0 (medium): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2013-5895 — CVSS 5.0 (medium): Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors…
CVE-2015-1285 — CVSS 5.0 (medium): The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before…
CVE-2014-3199 — CVSS 5.0 (medium): The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101…
CVE-2015-3040 — CVSS 5.0 (medium): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not…
CVE-2014-3198 — CVSS 5.0 (medium): The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a…
CVE-2014-3197 — CVSS 5.0 (medium): The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before…
CVE-2015-1229 — CVSS 5.0 (medium): net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required)…
CVE-2016-1664 — CVSS 4.3 (medium): The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles…
CVE-2015-1286 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_ha…
CVE-2014-7939 — CVSS 4.3 (medium): Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy…
CVE-2014-0382 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors…
CVE-2015-1281 — CVSS 4.3 (medium): core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a…
CVE-2015-1278 — CVSS 4.3 (medium): content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog…
CVE-2015-1287 — CVSS 4.3 (medium): Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style…
CVE-2014-3566 — CVSS 3.4 (low): The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for…