CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7001 CVE-2016-5215 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
7002 CVE-2016-5213 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7003 CVE-2016-5211 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
7004 CVE-2016-5210 787 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
7005 CVE-2016-5209 787 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7006 CVE-2016-5206 284 Bypass 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
7007 CVE-2016-5203 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
7008 CVE-2016-5200 119 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7009 CVE-2016-5199 119 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
7010 CVE-2016-5198 125 Exec Code 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
7011 CVE-2016-5197 20 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
7012 CVE-2016-5196 254 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
7013 CVE-2016-5190 416 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
7014 CVE-2016-5186 125 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
7015 CVE-2016-5185 416 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
7016 CVE-2016-5184 416 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
7017 CVE-2016-5183 416 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
7018 CVE-2016-5182 119 Overflow 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
7019 CVE-2016-5177 416 DoS 2017-05-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
7020 CVE-2016-5175 DoS 2016-09-25 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
7021 CVE-2016-5173 284 Bypass 2016-09-25 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
7022 CVE-2016-5171 416 DoS 2016-09-25 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
7023 CVE-2016-5170 416 DoS 2016-09-25 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
7024 CVE-2016-5169 DoS 2016-09-25 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7025 CVE-2016-5161 704 DoS 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
7026 CVE-2016-5159 190 DoS Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
7027 CVE-2016-5158 190 DoS Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
7028 CVE-2016-5157 119 Exec Code Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
7029 CVE-2016-5156 416 DoS 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
7030 CVE-2016-5154 119 DoS Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
7031 CVE-2016-5153 19 DoS 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
7032 CVE-2016-5152 190 DoS Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
7033 CVE-2016-5151 416 DoS 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
7034 CVE-2016-5150 416 DoS 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
7035 CVE-2016-5149 94 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
7036 CVE-2016-5145 254 Bypass 2016-08-07 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
7037 CVE-2016-5139 119 DoS Overflow 2016-08-07 2018-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
7038 CVE-2016-5138 190 DoS Overflow 2016-07-31 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.
7039 CVE-2016-5136 416 DoS 2016-07-23 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
7040 CVE-2016-5132 254 Bypass 2016-07-23 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
7041 CVE-2016-5131 416 DoS 2016-07-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
7042 CVE-2016-5129 119 DoS Overflow Mem. Corr. 2016-07-23 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
7043 CVE-2016-5128 254 Bypass 2016-07-23 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
7044 CVE-2016-5127 416 DoS 2016-07-23 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
7045 CVE-2016-5116 119 DoS Overflow +Info 2016-08-07 2018-10-30
6.4
None Remote Low Not required Partial None Partial
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
7046 CVE-2016-5114 125 DoS Overflow +Info 2016-08-07 2018-01-04
6.4
None Remote Low Not required Partial None Partial
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.
7047 CVE-2016-5091 254 Exec Code +Info 2017-01-23 2017-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
7048 CVE-2016-5072 94 Exec Code 2017-04-09 2017-04-14
6.5
None Remote Low Single system Partial Partial Partial
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
7049 CVE-2016-5045 200 +Info 2017-07-03 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
7050 CVE-2016-5025 20 DoS 2016-11-08 2019-05-30
6.1
None Local Low Not required Partial Partial Complete
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.