VIR Vulnerability Intelligence Relay

Search

Found 962 results in 148ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5226 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5225 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5224 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5223 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5222 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5221 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5220 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5219 medium 6.3 6.3 FIX slesarch arch google 10y ago multiple issues in chromium
CVE-2016-5218 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5217 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5216 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5215 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5214 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5212 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5208 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5207 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5205 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5204 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5201 medium 6.5 6.5 google 10y ago A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged J…
CVE-2016-5193 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5192 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5191 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5190 medium 6.3 6.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5189 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5188 medium 4.3 4.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5187 medium 6.5 6.5 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5186 medium 5.3 5.3 FIX arch arch google 10y ago multiple issues in chromium
CVE-2016-5181 medium 6.1 6.1 FIX arch arch google 10y ago multiple issues in chromium
CVE-2005-4900 medium 5.9 5.9 google 10y ago SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists …
CVE-2016-5176 medium 6.5 6.5 google 10y ago Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
CVE-2016-5174 medium 6.5 6.5 google 10y ago browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers t…
CVE-2016-5172 medium 6.5 6.5 debian debian googlenodejs 10y ago The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted Ja…
CVE-2016-5165 medium 6.1 6.1 suse suse google 10y ago Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack…
CVE-2016-5164 medium 6.1 6.1 suse suse google 10y ago Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li…
CVE-2016-5163 medium 4.3 4.3 suse suse google 10y ago The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows rem…
CVE-2016-5162 medium 6.5 6.5 suse suse google 10y ago The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…
CVE-2016-5160 medium 6.5 6.5 suse suse google 10y ago The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…
CVE-2016-5155 medium 6.5 6.5 suse suse google 10y ago Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address ba…
CVE-2016-5148 medium 6.1 6.1 google 10y ago Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s…
CVE-2016-5147 medium 6.1 6.1 google 10y ago Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script …
CVE-2016-7153 medium 5.3 5.3 microsoftgoogleapple 10y ago The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever…
CVE-2016-7152 medium 5.3 5.3 operaapplemozilla 10y ago The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera…
CVE-2016-5137 medium 4.3 4.3 google 10y ago The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does no…
CVE-2016-5135 medium 6.5 6.5 google 10y ago WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload re…
CVE-2016-5133 medium 5.3 5.3 google 10y ago Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect…
CVE-2016-5130 medium 6.5 6.5 google 10y ago content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL dis…
CVE-2016-1707 medium 6.5 6.5 google 10y ago ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof…
CVE-2016-1702 medium 6.5 6.5 rhelubuntu ubuntudebian debian google 10y ago The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial…
CVE-2016-1699 medium 6.5 6.5 ubuntu ubuntu rheldebian debian google 10y ago WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl paramet…
CVE-2016-1698 medium 6.5 6.5 rheldebian debiansuse suse google 10y ago The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to…
CVE-2016-1694 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid …
CVE-2016-1693 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to…
CVE-2016-1692 medium 5.3 5.3 suse susedebian debianubuntu ubuntu google 10y ago WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl…
CVE-2016-1689 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified o…
CVE-2016-1688 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to caus…
CVE-2016-1687 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors relat…
CVE-2016-1686 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, wh…
CVE-2016-1685 medium 6.5 6.5 suse susedebian debian rhel google 10y ago core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read…
CVE-2016-1682 medium 6.1 6.1 suse susedebian debianubuntu ubuntu google 10y ago The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote…
CVE-2016-1677 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeU…
CVE-2016-1670 medium 5.3 5.3 slesdebian debiansuse suse google 10y ago Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak…
CVE-2016-1665 medium 6.5 6.5 slessuse suse google 10y ago The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sen…
CVE-2016-1664 medium 4.3 4.3 slessuse suse google 10y ago The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and othe…
CVE-2016-1658 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o…
CVE-2016-1657 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which…
CVE-2016-1654 medium 6.5 6.5 debian debianubuntu ubuntususe suse google 10y ago The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk…
CVE-2016-1652 medium 6.1 6.1 debian debiansuse suse google 10y ago Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allow…
CVE-2016-2845 medium 5.3 5.3 google 10y ago The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remo…
CVE-2016-1640 medium 4.3 4.3 google 10y ago The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for …
CVE-2016-1638 medium 6.3 6.3 google 10y ago extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inte…
CVE-2016-1637 medium 6.5 6.5 google 10y ago The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain se…
CVE-2016-1628 medium 6.3 6.3 FIX debian debian google 10y ago pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of se…
CVE-2016-1626 medium 4.3 4.3 FIX debian debiansuse suse google 10y ago The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a…
CVE-2016-1625 medium 4.3 4.3 debian debiansuse suse google 10y ago The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers …
CVE-2016-1618 medium 6.5 6.5 google 11y ago Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat …
CVE-2016-1617 medium 4.3 4.3 google 11y ago The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does no…
CVE-2016-1616 medium 4.3 4.3 google 11y ago The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocuse…
CVE-2016-1615 medium 6.5 6.5 google 11y ago The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
CVE-2016-1614 medium 4.3 4.3 google 11y ago The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization …
CVE-2015-6790 medium 4.3 google 11y ago The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, whi…
CVE-2015-6786 medium 4.3 google 11y ago The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, …
CVE-2015-6785 medium 4.3 google 11y ago The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a…
CVE-2015-6784 medium 4.3 google 11y ago The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafte…
CVE-2015-6783 medium 4.3 google 11y ago The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an…
CVE-2015-6782 medium 4.3 google 11y ago The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, wh…
CVE-2015-6780 medium 6.8 google 11y ago Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c…
CVE-2015-6779 medium 4.3 google 11y ago PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, …
CVE-2015-6776 medium 6.8 google 11y ago The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possi…
CVE-2015-6761 medium 6.8 FIX debian debian ffmpeggoogle 11y ago The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threa…
CVE-2015-6759 medium 5.0 google 11y ago The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is c…
CVE-2015-6758 medium 6.8 google 11y ago The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, w…
CVE-2015-6756 medium 6.8 google 11y ago Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of s…
CVE-2015-6583 medium 4.3 google 11y ago Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof …
CVE-2015-6582 medium 6.8 google 11y ago The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote a…
CVE-2015-1300 medium 5.0 google 11y ago The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availab…
CVE-2015-1298 medium 4.3 google 11y ago The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corre…
CVE-2015-1296 medium 5.0 google 11y ago The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier …
CVE-2015-1292 medium 5.0 google 11y ago The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the S…
CVE-2015-1291 medium 6.4 google 11y ago The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote atta…
CVE-2015-4491 medium 6.8 FIX slesdebian debianubuntu ubuntu gnomegooglemozilla 11y ago Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on L…