423 matches found
CVE-2016-5190
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages...
CVE-2016-5181
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...
CVE-2016-5189
Removed by vendor...
CVE-2016-5182
CVE-2016-5182 is a Google Chrome/Chromium Blink vulnerability described as a heap overflow in the ImageBitmap/bitmap handling path that could be triggered by a crafted HTML page. The issue allows a remote attacker to potentially achieve remote code execution on the affected host. Affected version...
CVE-2016-5193
Removed by vendor...
CVE-2016-5185
Removed by vendor...
CVE-2016-5182
Removed by vendor...
CVE-2016-5192
Removed by vendor...
CVE-2016-5188
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages...
KLA10914 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 54.0.2840.59. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, inject code or possibly cause denial of service. Below is a complete list of vulnerabilities: 1. Missed...
Brave Software: links the user may download can be a malicious files
Hi, Summary: This vulnerability is pretty simple and pretty dangerous at the same time Almost any link the user tries to download it's extension is set according to the file extension in the path if the path is / then it download's it according to the domain name Eg: 1...
Sql injection
SQL injection vulnerability in the "Site Browser HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
dotCMS < 3.3.1 Multiple SQLi Vulnerabilities - Active Check
dotCMS is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; i...
CVE-2016-5181
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...
CVE-2016-5182
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages...
CVE-2016-5185
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages...
CVE-2016-5187
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox URL bar via crafted HTML pages...
CVE-2016-5188
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages...
CVE-2016-5192
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages...
UBUNTU-CVE-2016-5185
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages...