|
265061
|
8.8 |
HIGH
Network
|
google
|
chrome
|
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of …
|
CWE-416
Use After Free
|
CVE-2016-5171
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265062
|
8.8 |
HIGH
Network
|
google
|
chrome
|
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which al…
|
CWE-416
Use After Free
|
CVE-2016-5170
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265063
|
8.8 |
HIGH
Network
|
google
|
chrome_os
|
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5169
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265064
|
8.8 |
HIGH
Network
|
iodata
|
hvl-a2.0_firmware
hvl-a3.0_firmware
hvl-a4.0_firmware
hvl-at1.0s_firmware
hvl-at2.0_firmware
hvl-at2.0a_firmware
hvl-at3.0_firmware
hvl-at3.0a_firmware
hvl-at4.0_firmware
h…
|
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmw…
|
CWE-352
Origin Validation Error
|
CVE-2016-4845
|
2024-11-21 11:53 |
2016-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265065
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spo…
|
CWE-20
Improper Input Validation
|
CVE-2016-5284
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265066
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions …
|
CWE-284
Improper Access Control
|
CVE-2016-5283
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265067
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a…
|
CWE-200
Information Exposure
|
CVE-2016-5282
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265068
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by levera…
|
CWE-416
Use After Free
|
CVE-2016-5281
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265069
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows rem…
|
CWE-416
Use After Free
|
CVE-2016-5280
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265070
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
|
CWE-200
Information Exposure
|
CVE-2016-5279
|
2024-11-21 11:53 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
