|
265881
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does no…
|
CWE-200
Information Exposure
|
CVE-2016-1617
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265882
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocuse…
|
CWE-254
7PK - Security Features
|
CVE-2016-1616
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265883
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
|
CWE-254
7PK - Security Features
|
CVE-2016-1615
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265884
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization …
|
CWE-200
Information Exposure
|
CVE-2016-1614
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265885
|
7.6 |
HIGH
Network
|
google
|
chrome
|
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have …
|
NVD-CWE-Other
|
CVE-2016-1613
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265886
|
7.6 |
HIGH
Network
|
google
|
chrome
|
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, w…
|
CWE-20
Improper Input Validation
|
CVE-2016-1612
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265887
|
8.4 |
HIGH
Local
|
ecryptfs
canonical
opensuse
debian
fedoraproject
|
ecryptfs-utils
ubuntu_linux
leap
opensuse
debian_linux
fedora
|
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated…
|
CWE-269
Improper Privilege Management
|
CVE-2016-1572
|
2024-11-21 11:46 |
2016-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265888
|
6.3 |
MEDIUM
Network
|
citrix
xen
|
xenserver
xen
|
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of…
|
CWE-17
Code
|
CVE-2016-1571
|
2024-11-21 11:46 |
2016-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265889
|
8.5 |
HIGH
Network
|
xen
|
xen
|
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or hav…
|
CWE-20
Improper Input Validation
|
CVE-2016-1570
|
2024-11-21 11:46 |
2016-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265890
|
7.5 |
HIGH
Network
|
cisco
|
web_security_appliance
|
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP met…
|
CWE-254
7PK - Security Features
|
CVE-2016-1296
|
2024-11-21 11:46 |
2016-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
