本ページは redhat enterprise_linux_server_supplementary_eus に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2016-1666 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 9.8 | 1.43% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1665 | The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. | [email protected] | 6.5 | 1.81% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1664 | The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. | [email protected] | 4.3 | 0.98% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1663 | The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | [email protected] | 8.8 | 1.01% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1662 | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | [email protected] | 9.8 | 3.88% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1661 | Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. | [email protected] | 8.0 | 1.24% | 2016-05-14 | 2026-06-16 |
| CVE-2016-1660 | Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. | [email protected] | 8.8 | 1.13% | 2016-05-14 | 2026-06-16 |
| CVE-2016-3718 KEV | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | [email protected] | 5.5 | 76.90% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3717 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | [email protected] | 5.5 | 20.44% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3716 | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | [email protected] | 3.3 | 11.38% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3715 KEV | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | [email protected] | 5.5 | 75.38% | 2016-05-05 | 2026-06-16 |
| CVE-2016-2051 | Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 9.8 | 1.00% | 2016-01-25 | 2026-06-16 |
| CVE-2015-1289 | Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 1.34% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1288 | The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. | [email protected] | 6.8 | 1.08% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1287 | Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. | [email protected] | 4.3 | 1.47% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1286 | Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)." | [email protected] | 4.3 | 1.88% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1285 | The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. | [email protected] | 5.0 | 1.37% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1282 | Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. | [email protected] | 6.8 | 1.58% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1281 | core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. | [email protected] | 4.3 | 1.71% | 2015-07-22 | 2026-06-16 |
| CVE-2015-1280 | SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. | [email protected] | 7.5 | 1.57% | 2015-07-22 | 2026-06-16 |