Max CVSS 7.8 Min CVSS 2.1 Total Count85
IDCVSSSummaryLast (major) updatePublished
CVE-2016-8623 5.0
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8620 7.5
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8619 7.5
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8616 4.3
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8615 5.0
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8621 5.0
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
31-07-2018 - 18:29 31-07-2018 - 18:29
CVE-2016-8617 4.4
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
31-07-2018 - 18:29 31-07-2018 - 18:29
CVE-2016-8624 5.0
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2016-8622 7.5
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2016-8618 7.5
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2016-5178 7.5
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2016-5177 6.8
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2016-5129 6.8
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via cr
07-04-2017 - 21:59 23-07-2016 - 15:59
CVE-2016-6911 4.3
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
31-01-2017 - 21:59 26-01-2017 - 10:59
CVE-2016-8670 7.5
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer ov
06-01-2017 - 22:00 04-01-2017 - 15:59
CVE-2016-5175 6.8
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2016-5174 4.3
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) vi
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2016-5173 6.8
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2016-5172 4.3
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2016-5171 6.8
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecifi
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2016-5170 6.8
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service
06-01-2017 - 22:00 25-09-2016 - 16:59
CVE-2014-7822 7.2
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unsp
02-01-2017 - 21:59 16-03-2015 - 06:59
CVE-2015-5366 5.0
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect chec
30-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-5364 7.8
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet f
30-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2016-5187 4.3
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
22-12-2016 - 11:05 17-12-2016 - 22:59
CVE-2016-5183 6.8
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
22-12-2016 - 11:04 17-12-2016 - 22:59
CVE-2016-5188 4.3
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
22-12-2016 - 10:52 17-12-2016 - 22:59
CVE-2015-5697 2.1
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
21-12-2016 - 22:00 31-08-2015 - 06:59
CVE-2015-3212 4.9
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-1805 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a den
21-12-2016 - 21:59 08-08-2015 - 06:59
CVE-2015-1333 4.9
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2016-5193 4.3
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
20-12-2016 - 10:13 17-12-2016 - 22:59
CVE-2016-5191 4.3
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p
20-12-2016 - 09:49 17-12-2016 - 22:59
CVE-2016-5190 6.8
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
20-12-2016 - 09:42 17-12-2016 - 22:59
CVE-2016-5181 4.3
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (U
20-12-2016 - 07:56 17-12-2016 - 22:59
CVE-2016-5189 4.3
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa
20-12-2016 - 07:50 17-12-2016 - 22:59
CVE-2016-5185 6.8
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read v
20-12-2016 - 07:46 17-12-2016 - 22:59
CVE-2016-5192 4.3
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
20-12-2016 - 07:29 17-12-2016 - 22:59
CVE-2016-5186 6.8
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
20-12-2016 - 07:23 17-12-2016 - 22:59
CVE-2016-5184 6.8
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption v
20-12-2016 - 07:14 17-12-2016 - 22:59
CVE-2016-5182 6.8
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
20-12-2016 - 07:09 17-12-2016 - 22:59
CVE-2015-6937 4.9
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was
07-12-2016 - 22:13 19-10-2015 - 06:59
CVE-2015-5156 6.1
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corrup
07-12-2016 - 22:09 19-10-2015 - 06:59
CVE-2016-7568 7.5
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspe
28-11-2016 - 15:39 28-09-2016 - 16:59
CVE-2016-5167 7.5
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5166 2.6
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5165 4.3
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5164 4.3
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary we
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5163 4.3
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5162 4.3
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5161 6.8
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attack
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5160 4.3
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5159 6.8
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have uns
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5158 6.8
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5157 6.8
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via c
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5156 6.8
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attac
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5155 4.3
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5154 6.8
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a cra
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5153 6.8
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5152 6.8
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (he
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5151 6.8
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PD
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5150 6.8
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly r
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5149 6.8
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injecti
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5148 4.3
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5147 4.3
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5146 7.5
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
28-11-2016 - 15:23 07-08-2016 - 15:59
CVE-2016-5145 6.8
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Or
28-11-2016 - 15:23 07-08-2016 - 15:59
CVE-2016-5144 7.5
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access
28-11-2016 - 15:23 07-08-2016 - 15:59
CVE-2016-5143 7.5
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-5142 7.5
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspeci
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-5141 5.0
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-5140 7.5
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafte
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-5139 6.8
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-5138 6.8
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unr
28-11-2016 - 15:22 31-07-2016 - 22:59
CVE-2016-5137 4.3
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and do
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5136 6.8
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors re
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5135 4.3
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5134 4.3
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5133 4.3
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5132 6.8
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5131 6.8
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5130 4.3
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5128 6.8
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-5127 6.8
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-7167 7.5
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a h
11-10-2016 - 08:17 07-10-2016 - 10:59
Back to Top Mark selected
Back to Top