Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1633 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1634 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. | |||||
| CVE-2016-1635 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1636 | 1 Google | 1 Chrome | 2016-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource. | |||||
| CVE-2016-1637 | 1 Google | 1 Chrome | 2016-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2016-1638 | 1 Google | 1 Chrome | 2016-12-02 | 6.8 MEDIUM | 6.3 MEDIUM |
| extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app. | |||||
| CVE-2016-1639 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. | |||||
| CVE-2016-1640 | 1 Google | 1 Chrome | 2016-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. | |||||
| CVE-2016-1641 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download. | |||||
| CVE-2016-1642 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-1643 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
| CVE-2016-1644 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2016-1034 | 1 Adobe | 1 Creative Cloud | 2016-12-02 | 9.4 HIGH | 9.1 CRITICAL |
| The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-1035 | 1 Adobe | 1 Robohelp | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1036 | 1 Adobe | 1 Analytics Appmeasurement For Flash Library | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1256 | 1 Juniper | 1 Junos | 2016-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service." | |||||
| CVE-2016-1257 | 1 Juniper | 1 Junos | 2016-12-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet. | |||||
| CVE-2016-1258 | 1 Juniper | 1 Junos | 2016-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. | |||||
| CVE-2016-1260 | 1 Juniper | 1 Junos | 2016-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. | |||||
| CVE-2016-1262 | 1 Juniper | 1 Junos | 2016-12-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet. | |||||