|
267441
|
6.1 |
MEDIUM
Network
|
cisco
|
prime_service_catalog
|
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted v…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1462
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267442
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
wireless_lan_controller_software
|
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.
|
CWE-399
Resource Management Errors
|
CVE-2016-1460
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267443
|
8.8 |
HIGH
Network
|
cisco
|
unified_computing_system_performance_manager
|
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request…
|
CWE-20
Improper Input Validation
|
CVE-2016-1374
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267444
|
8.8 |
HIGH
Network
|
google
|
chrome
|
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows …
|
CWE-285
Improper Authorization
|
CVE-2016-1711
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267445
|
8.8 |
HIGH
Network
|
google
|
chrome
|
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which…
|
CWE-285
Improper Authorization
|
CVE-2016-1710
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267446
|
8.8 |
HIGH
Network
|
google
|
sfntly
chrome
|
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a deni…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-1709
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267447
|
8.8 |
HIGH
Network
|
google
|
chrome
|
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which…
|
CWE-416
Use After Free
|
CVE-2016-1708
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267448
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof…
|
CWE-20
Improper Input Validation
|
CVE-2016-1707
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267449
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows re…
|
CWE-20
Improper Input Validation
|
CVE-2016-1706
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267450
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1705
|
2024-11-21 11:46 |
2016-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
