Max CVSS 10.0 Min CVSS 3.6 Total Count44
IDCVSSSummaryLast (major) updatePublished
CVE-2016-4449 5.8
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
11-05-2017 - 21:29 09-06-2016 - 12:59
CVE-2016-4483 5.0
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulne
18-04-2017 - 12:19 11-04-2017 - 12:59
CVE-2016-4447 5.0
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
28-02-2017 - 21:59 09-06-2016 - 12:59
CVE-2016-3705 5.0
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and applic
28-02-2017 - 21:59 17-05-2016 - 10:08
CVE-2016-3627 5.0
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc
28-02-2017 - 21:59 17-05-2016 - 10:08
CVE-2016-1840 6.8
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1839 4.3
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craft
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1838 4.3
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1837 4.3
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remot
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1836 4.3
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1835 6.8
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1834 9.3
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1833 4.3
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafte
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1695 6.8
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
28-02-2017 - 21:59 05-06-2016 - 19:59
CVE-2016-2073 4.3
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
17-01-2017 - 21:59 12-02-2016 - 10:59
CVE-2016-1762 5.8
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
27-12-2016 - 21:59 23-03-2016 - 21:59
CVE-2015-1941 7.8
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.
27-12-2016 - 21:59 30-06-2015 - 11:59
CVE-2016-2150 3.6
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
29-11-2016 - 22:04 09-06-2016 - 12:59
CVE-2016-1684 5.1
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly hav
29-11-2016 - 22:04 05-06-2016 - 19:59
CVE-2016-1683 5.1
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via
29-11-2016 - 22:04 05-06-2016 - 19:59
CVE-2016-0749 10.0
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
29-11-2016 - 22:03 09-06-2016 - 12:59
CVE-2016-1692 4.3
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1691 5.1
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoin
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1689 4.3
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1688 4.3
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via craf
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1682 4.3
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (C
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1680 6.8
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown v
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1679 6.8
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-fr
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1678 6.8
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecifi
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1677 4.3
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1675 6.8
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1673 6.8
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
28-11-2016 - 15:00 05-06-2016 - 19:59
CVE-2015-8806 5.0
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
22-09-2016 - 21:59 13-04-2016 - 13:59
CVE-2016-1702 4.3
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serial
29-07-2016 - 15:17 05-06-2016 - 19:59
CVE-2016-1701 6.8
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possi
29-07-2016 - 15:16 05-06-2016 - 19:59
CVE-2016-1700 5.1
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly
29-07-2016 - 15:16 05-06-2016 - 19:59
CVE-2016-1699 4.3
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.ap
29-07-2016 - 15:15 05-06-2016 - 19:59
CVE-2016-1698 4.3
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive informa
29-07-2016 - 15:15 05-06-2016 - 19:59
CVE-2016-1697 6.8
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypa
29-07-2016 - 15:14 05-06-2016 - 19:59
CVE-2016-1696 6.8
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
29-07-2016 - 15:14 05-06-2016 - 19:59
CVE-2016-1703 6.8
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
28-07-2016 - 13:42 05-06-2016 - 19:59
CVE-2013-7423 5.0
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigge
20-07-2016 - 13:37 24-02-2015 - 10:59
CVE-2014-7913 6.8
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitra
30-07-2015 - 11:01 29-07-2015 - 20:59
CVE-2014-7912 6.8
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arb
30-07-2015 - 11:01 29-07-2015 - 20:59
Back to Top Mark selected
Back to Top