Max CVSS 10.0 Min CVSS 2.1 Total Count41
IDCVSSSummaryLast (major) updatePublished
CVE-2014-1748 5.0
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2015-1155 4.3
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
02-01-2017 - 21:59 07-05-2015 - 20:59
CVE-2015-3727 6.8
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web s
27-12-2016 - 21:59 02-07-2015 - 22:00
CVE-2015-3659 6.8
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows re
27-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2015-3658 6.8
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, w
27-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2015-5928 6.8
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne
23-12-2016 - 21:59 23-10-2015 - 17:59
CVE-2015-3752 5.0
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allow
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3749 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3748 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3747 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3745 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3743 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3741 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3731 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-5822 6.8
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5809 6.8
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5801 6.8
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5794 6.8
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5788 4.3
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-8126 7.5
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den
07-12-2016 - 13:26 12-11-2015 - 22:59
CVE-2016-1642 10.0
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1641 9.3
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download afte
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1640 4.3
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing tha
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1639 10.0
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possib
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1638 6.8
extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1637 4.3
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1636 7.5
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1635 10.0
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1634 9.3
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possi
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1633 10.0
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1632 6.8
The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to exte
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1631 6.8
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2016-1630 6.8
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy v
02-12-2016 - 22:21 05-03-2016 - 21:59
CVE-2015-1153 6.8
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
02-12-2016 - 22:03 07-05-2015 - 20:59
CVE-2015-1127 2.1
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
02-12-2016 - 22:03 10-04-2015 - 10:59
CVE-2015-1122 6.8
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra
02-12-2016 - 22:03 10-04-2015 - 10:59
CVE-2015-1120 6.8
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra
02-12-2016 - 22:03 10-04-2015 - 10:59
CVE-2015-1083 6.8
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
02-12-2016 - 22:03 18-03-2015 - 18:59
CVE-2015-1081 6.8
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
02-12-2016 - 22:03 18-03-2015 - 18:59
CVE-2015-1076 6.8
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
02-12-2016 - 22:03 18-03-2015 - 18:59
CVE-2015-1071 6.8
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera
02-12-2016 - 22:02 18-03-2015 - 18:59
Back to Top Mark selected
Back to Top