|
265031
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
|
CWE-20
Improper Input Validation
|
CVE-2016-5188
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265032
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) v…
|
CWE-20
Improper Input Validation
|
CVE-2016-5187
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265033
|
5.3 |
MEDIUM
Local
|
google
|
chrome
|
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out …
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5186
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265034
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote…
|
CWE-416
Use After Free
|
CVE-2016-5185
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265035
|
8.8 |
HIGH
Network
|
google
|
chrome
|
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remot…
|
CWE-416
Use After Free
|
CVE-2016-5184
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265036
|
8.8 |
HIGH
Network
|
google
|
chrome
|
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafte…
|
CWE-416
Use After Free
|
CVE-2016-5183
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265037
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially explo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-5182
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265038
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a rem…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5181
|
2024-11-21 11:53 |
2016-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265039
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context …
|
CWE-79
Cross-site Scripting
|
CVE-2016-5124
|
2024-11-21 11:53 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265040
|
6.1 |
MEDIUM
Network
|
naver
|
ngrinder
|
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter …
|
CWE-79
Cross-site Scripting
|
CVE-2016-5060
|
2024-11-21 11:53 |
2016-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
