VYPR

linux

by Debian

Source repositories

CVEs (3,007)

  • CVE-2016-1701HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1697HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via…

  • CVE-2016-1696HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1695HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1681HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2016-1680HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-1679HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have…

  • CVE-2016-1678HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…

  • CVE-2016-1676HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1675HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

  • CVE-2016-1674HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1673HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1672HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via…

  • CVE-2016-1668HigMay 14, 2016
    risk 0.57cvss 8.8epss 0.01

    The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1667HigMay 14, 2016
    risk 0.57cvss 8.8epss 0.02

    The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same…

  • CVE-2016-3710HigMay 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2016-3105HigMay 9, 2016
    risk 0.57cvss 8.8epss 0.03

    The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

  • CVE-2016-1655HigApr 18, 2016
    risk 0.57cvss 8.8epss 0.02

    Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

  • CVE-2016-1653HigApr 18, 2016
    risk 0.57cvss 8.8epss 0.03

    The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write…

  • CVE-2016-1568HigApr 12, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

Page 19 of 151