VIR Vulnerability Intelligence Relay

Search

Found 1,004 results in 155ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-1207 medium 6.5 6.5 FIX debian debian google 9y ago Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
CVE-2017-9045 medium 5.9 5.9 google 9y ago The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof …
CVE-2017-5046 medium 4.3 4.3 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5045 medium 6.1 6.1 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5044 medium 6.3 6.3 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5042 medium 5.7 5.7 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5041 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5040 medium 4.3 4.3 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5038 medium 6.3 6.3 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5033 medium 4.3 4.3 FIX arch arch rheldebian debian google 9y ago multiple issues in chromium
CVE-2017-5027 medium 4.3 4.3 google 9y ago Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke…
CVE-2017-5026 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5025 medium 5.5 5.5 FIX arch archdebian debian google 9y ago multiple issues in chromium
CVE-2017-5024 medium 5.5 5.5 FIX arch archdebian debian google 9y ago multiple issues in chromium
CVE-2017-5023 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5022 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5021 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5020 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5019 medium 6.3 6.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5018 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5017 medium 4.3 4.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5016 medium 6.5 6.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5015 medium 6.5 6.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5014 medium 6.3 6.3 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5013 medium 6.5 6.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5011 medium 6.5 6.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5010 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5008 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5007 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5006 medium 6.1 6.1 FIX arch arch google 9y ago multiple issues in chromium
CVE-2016-9650 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5226 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5225 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5224 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5223 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5222 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5221 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5220 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5219 medium 6.3 6.3 FIX slesarch arch google 10y ago multiple issues in chromium
CVE-2016-5218 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5217 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5216 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5215 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5214 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5212 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5208 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5207 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5205 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5204 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5201 medium 6.5 6.5 google 10y ago A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged J…
CVE-2016-5193 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5192 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5191 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5190 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5189 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5188 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5187 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5186 medium 5.3 5.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5181 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2005-4900 medium 5.9 5.9 google 10y ago SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists …
CVE-2016-5176 medium 6.5 6.5 google 10y ago Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
CVE-2016-5174 medium 6.5 6.5 google 10y ago browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers t…
CVE-2016-5172 medium 6.5 6.5 debian debian googlenodejs 10y ago The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted Ja…
CVE-2016-5166 low 3.1 3.1 suse suse google 10y ago The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// …
CVE-2016-5165 medium 6.1 6.1 suse suse google 10y ago Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack…
CVE-2016-5164 medium 6.1 6.1 suse suse google 10y ago Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li…
CVE-2016-5163 medium 4.3 4.3 suse suse google 10y ago The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows rem…
CVE-2016-5162 medium 6.5 6.5 suse suse google 10y ago The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…
CVE-2016-5160 medium 6.5 6.5 suse suse google 10y ago The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…
CVE-2016-5155 medium 6.5 6.5 suse suse google 10y ago Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address ba…
CVE-2016-5148 medium 6.1 6.1 google 10y ago Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s…
CVE-2016-5147 medium 6.1 6.1 google 10y ago Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script …
CVE-2016-7153 medium 5.3 5.3 microsoftgoogleapple 10y ago The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever…
CVE-2016-7152 medium 5.3 5.3 operaapplemozilla 10y ago The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera…
CVE-2016-5137 medium 4.3 4.3 google 10y ago The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does no…
CVE-2016-5135 medium 6.5 6.5 google 10y ago WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload re…
CVE-2016-5133 medium 5.3 5.3 google 10y ago Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect…
CVE-2016-5130 medium 6.5 6.5 google 10y ago content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL dis…
CVE-2016-1707 medium 6.5 6.5 google 10y ago ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof…
CVE-2016-1702 medium 6.5 6.5 rhelubuntu ubuntudebian debian google 10y ago The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial…
CVE-2016-1699 medium 6.5 6.5 ubuntu ubuntu rheldebian debian google 10y ago WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl paramet…
CVE-2016-1698 medium 6.5 6.5 rheldebian debiansuse suse google 10y ago The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to…
CVE-2016-1694 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid …
CVE-2016-1693 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to…
CVE-2016-1692 medium 5.3 5.3 suse susedebian debianubuntu ubuntu google 10y ago WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl…
CVE-2016-1689 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified o…
CVE-2016-1688 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to caus…
CVE-2016-1687 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors relat…
CVE-2016-1686 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, wh…
CVE-2016-1685 medium 6.5 6.5 suse susedebian debian rhel google 10y ago core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read…
CVE-2016-1682 medium 6.1 6.1 suse susedebian debianubuntu ubuntu google 10y ago The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote…
CVE-2016-1677 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeU…
CVE-2016-1670 medium 5.3 5.3 slesdebian debiansuse suse google 10y ago Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak…
CVE-2016-1665 medium 6.5 6.5 slessuse suse google 10y ago The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sen…
CVE-2016-1664 medium 4.3 4.3 slessuse suse google 10y ago The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and othe…
CVE-2016-1658 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o…
CVE-2016-1657 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which…
CVE-2016-1654 medium 6.5 6.5 debian debianubuntu ubuntususe suse google 10y ago The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk…
CVE-2016-1652 medium 6.1 6.1 debian debiansuse suse google 10y ago Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allow…
CVE-2016-2845 medium 5.3 5.3 google 10y ago The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remo…