This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2013-10-01
Product Enterprise Linux Desktop Supplementary Last view 2016-05-14
Version 6.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2016-05-14 CVE-2016-1666

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

6.5 2016-05-14 CVE-2016-1665

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

4.3 2016-05-14 CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.

8.8 2016-05-14 CVE-2016-1663

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.

9.8 2016-05-14 CVE-2016-1662

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

8 2016-05-14 CVE-2016-1661

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.

8.8 2016-05-14 CVE-2016-1660

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.

8.8 2016-04-14 CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

9.8 2016-01-25 CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5 2015-07-22 CVE-2015-1289

Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

6.8 2015-07-22 CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.

4.3 2015-07-22 CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.

4.3 2015-07-22 CVE-2015-1286

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."

5 2015-07-22 CVE-2015-1285

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.

7.5 2015-07-22 CVE-2015-1284

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

6.8 2015-07-22 CVE-2015-1282

Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.

4.3 2015-07-22 CVE-2015-1281

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.

7.5 2015-07-22 CVE-2015-1280

SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.

7.5 2015-07-22 CVE-2015-1279

Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.

4.3 2015-07-22 CVE-2015-1278

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.

7.5 2015-07-22 CVE-2015-1277

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.

9.8 2015-07-22 CVE-2015-1276

Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.

6.8 2015-07-22 CVE-2015-1274

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.

6.8 2015-07-22 CVE-2015-1273

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.

7.5 2015-07-22 CVE-2015-1272

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.

CWE : Common Weakness Enumeration

%idName
17% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (5) CWE-416 Use After Free
10% (5) CWE-399 Resource Management Errors
10% (5) CWE-17 Code
8% (4) CWE-254 Security Features
8% (4) CWE-20 Improper Input Validation
6% (3) CWE-264 Permissions, Privileges, and Access Controls
6% (3) CWE-200 Information Exposure
6% (3) CWE-189 Numeric Errors
4% (2) CWE-19 Data Handling
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-190 Integer Overflow or Wraparound
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2014-A-0010 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0043398

Snort® IPS/IDS

Date Description
2018-02-03 Adobe Flash Player ConvolutionFilter Matrix use after free attempt
RuleID : 45310 - Type : FILE-FLASH - Revision : 1
2018-02-03 Adobe Flash Player ConvolutionFilter Matrix use after free attempt
RuleID : 45309 - Type : FILE-FLASH - Revision : 1
2015-05-28 Adobe Flash Player Sound.extract integer overflow attempt
RuleID : 34279 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player Sound.extract integer overflow attempt
RuleID : 34278 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player Sound.extract integer overflow attempt
RuleID : 34277 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player Sound.extract integer overflow attempt
RuleID : 34276 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34260 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34259 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34258 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34257 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34256 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player flash settings manager double free attempt
RuleID : 34255 - Type : FILE-FLASH - Revision : 2
2015-05-28 Adobe Flash Player potential information disclosure attempt
RuleID : 34235 - Type : FILE-FLASH - Revision : 3
2015-05-28 Adobe Flash Player potential information disclosure attempt
RuleID : 34234 - Type : FILE-FLASH - Revision : 3
2015-05-28 Adobe Flash Player potential information disclosure attempt
RuleID : 34233 - Type : FILE-FLASH - Revision : 3
2015-05-28 Adobe Flash Player potential information disclosure attempt
RuleID : 34232 - Type : FILE-FLASH - Revision : 3
2015-05-21 Adobe Flash Player domain security bypass attempt
RuleID : 34177 - Type : FILE-FLASH - Revision : 2
2015-05-21 Adobe Flash Player domain security bypass attempt
RuleID : 34176 - Type : FILE-FLASH - Revision : 2
2015-05-21 Adobe Flash Player TextField filter use-after-free attempt
RuleID : 34175 - Type : FILE-FLASH - Revision : 2
2015-05-21 Adobe Flash Player TextField filter use-after-free attempt
RuleID : 34174 - Type : FILE-FLASH - Revision : 2
2015-05-21 Adobe Flash Player TextField filter use-after-free attempt
RuleID : 34173 - Type : FILE-FLASH - Revision : 2
2015-05-21 Adobe Flash Player TextField filter use-after-free attempt
RuleID : 34172 - Type : FILE-FLASH - Revision : 2
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-477.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0950-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-441.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0901-1.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0860-1.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-11-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1339.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-08.nasl - Type: ACT_GATHER_INFO
2016-10-31 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1243.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2396-1.nasl - Type: ACT_GATHER_INFO
2016-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2329-1.nasl - Type: ACT_GATHER_INFO
2016-09-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2285-1.nasl - Type: ACT_GATHER_INFO
2016-08-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-375-1.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1430.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-11.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-756.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1457-1.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_7da1da9624bb11e6bd313065ec8fd3ec.nasl - Type: ACT_GATHER_INFO
2016-05-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2960-1.nasl - Type: ACT_GATHER_INFO
2016-05-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201605-02.nasl - Type: ACT_GATHER_INFO
2016-05-13 Name: A web application running on the remote host is affected by multiple vulnerab...
File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO
2016-05-04 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-538.nasl - Type: ACT_GATHER_INFO