|
271251
|
6.3 |
MEDIUM
Network
|
google
|
chrome
|
extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inte…
|
CWE-284
Improper Access Control
|
CVE-2016-1638
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271252
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain se…
|
CWE-200
Information Exposure
|
CVE-2016-1637
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271253
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1636
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271254
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, …
|
NVD-CWE-Other
|
CVE-2016-1635
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271255
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows rem…
|
NVD-CWE-Other
|
CVE-2016-1634
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271256
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
NVD-CWE-Other
|
CVE-2016-1633
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271257
|
8.8 |
HIGH
Network
|
google
|
chrome
|
The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1632
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271258
|
8.8 |
HIGH
Network
|
google
|
chrome
|
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loop…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1631
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271259
|
8.8 |
HIGH
Network
|
google
|
chrome
|
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1630
|
2024-11-21 11:46 |
2016-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271260
|
8.8 |
HIGH
Network
|
cisco
|
prime_infrastructure
|
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494.
|
CWE-20
Improper Input Validation
|
CVE-2016-1359
|
2024-11-21 11:46 |
2016-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
