VYPR

Enterprise Linux Desktop

by Red Hat

CVEs (999)

  • CVE-2017-5063HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5062HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

  • CVE-2017-5059HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

  • CVE-2017-5057HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2017-5056HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5054HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

  • CVE-2017-5052HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

  • CVE-2017-14496HigOct 3, 2017
    risk 0.57cvss 7.5epss 0.66

    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

  • CVE-2017-5208HigAug 22, 2017
    risk 0.57cvss 8.8epss 0.04

    Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

  • CVE-2017-5043HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5029HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.02

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to…

  • CVE-2016-7545HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.00

    SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

  • CVE-2016-5131HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

  • CVE-2016-5387HigJul 19, 2016
    risk 0.57cvss 8.1epss 0.56

    The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP…

  • CVE-2016-5385HigJul 19, 2016
    risk 0.57cvss 8.1epss 0.50

    PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an…

  • CVE-2016-1704HigJul 3, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1703HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1701HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1697HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via…

  • CVE-2016-1696HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Page 11 of 50