Adobe Reader and Acrobat Memory Corruption (APSB16-33: CVE-2016-6960)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of Adobe...

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

Code injection

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

Code injection

WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code...

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVE-2016-5171

Removed by vendor...

CVE-2016-5171

CVE-2016-5171 affects Blink in Chromium/Chrome. WebKit/Source/bindings/templates/interface.cpp does not prevent certain constructor calls, enabling a remote attacker to trigger a use-after-free via crafted JavaScript, potentially causing denial of service and unspecified other impact. Affected: B...

CVE-2016-5172

Removed by vendor...

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

chromium-browser: arbitrary memory read in v8

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

QNAP QTS 'qname' Parameter XSS Vulnerability

QNAP QTS is prone to a cross-site scripting XSS vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

chromium: multiple issues

CVE-2016-5139 arbitrary code execution Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have other unspecified impact via crafted JPEG 2000 data. -...

WordPress Link Library 5.9.12.29 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting in Link Library WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------...

OLX: XSS on Meta Tag at https://m.olx.ph

Hi, There is improper validation at q parameter on https://m.olx.ph/ where it can be manipulated by an attacker to include his/her XSS payload to execute javascript code. As example: https://m.olx.ph/all-results?q=0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg"...

Design/Logic Flaw

The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...