Enterprise Linux Desktop Supplementary Security Vulnerabilities and Issues — Enterprise Linux Desktop Supplementary CVE List

Lucene search

RedhatEnterprise Linux Desktop Supplementary

8 matches found

CVE•added 2014/10/15 12:55 a.m.•837 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.94196EPSS

CVE•added 2015/07/23 12:59 a.m.•80 views

CVE-2015-1281

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.

4.3CVSS8.9AI score0.00976EPSS

CVE•added 2015/07/23 12:59 a.m.•76 views

CVE-2015-1278

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf do...

4.3CVSS8.6AI score0.0109EPSS

CVE•added 2016/05/14 9:59 p.m.•65 views

CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS5.6AI score0.00945EPSS

CVE•added 2015/07/23 12:59 a.m.•64 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

4.3CVSS8.7AI score0.00865EPSS

CVE•added 2015/07/23 12:59 a.m.•60 views

CVE-2015-1286

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context res...

4.3CVSS7.2AI score0.00687EPSS

CVE•added 2015/01/22 10:59 p.m.•56 views

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

4.3CVSS9AI score0.00694EPSS

CVE•added 2014/01/15 4:8 p.m.•55 views

CVE-2014-0382

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.

4.3CVSS4.3AI score0.02209EPSS