Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1675

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-05 Jun, 2016 | 23:00
Updated At-05 Aug, 2024 | 23:02
Rejected At-
Credits

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:05 Jun, 2016 | 23:00
Updated At:05 Aug, 2024 | 23:02
Rejected At:
▼CVE Numbering Authority (CNA)

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://codereview.chromium.org/1858833003
x_refsource_CONFIRM
http://www.securityfocus.com/bid/90876
vdb-entry
x_refsource_BID
https://crbug.com/600182
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
vendor-advisory
x_refsource_SUSE
http://www.securitytracker.com/id/1035981
vdb-entry
x_refsource_SECTRACK
http://www.debian.org/security/2016/dsa-3590
vendor-advisory
x_refsource_DEBIAN
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2992-1
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
vendor-advisory
x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1190
vendor-advisory
x_refsource_REDHAT
https://security.gentoo.org/glsa/201607-07
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://codereview.chromium.org/1858833003
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/90876
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://crbug.com/600182
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securitytracker.com/id/1035981
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2016/dsa-3590
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2992-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1190
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.gentoo.org/glsa/201607-07
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://codereview.chromium.org/1858833003
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/90876
vdb-entry
x_refsource_BID
x_transferred
https://crbug.com/600182
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securitytracker.com/id/1035981
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.debian.org/security/2016/dsa-3590
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2992-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://access.redhat.com/errata/RHSA-2016:1190
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.gentoo.org/glsa/201607-07
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://codereview.chromium.org/1858833003
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/90876
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://crbug.com/600182
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securitytracker.com/id/1035981
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3590
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2992-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1190
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201607-07
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:05 Jun, 2016 | 23:59
Updated At:12 Apr, 2025 | 10:46

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise>>12.0
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>Versions up to 50.0.2661.102(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.htmlchrome-cve-admin@google.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.htmlchrome-cve-admin@google.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.htmlchrome-cve-admin@google.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.htmlchrome-cve-admin@google.com
N/A
http://www.debian.org/security/2016/dsa-3590chrome-cve-admin@google.com
N/A
http://www.securityfocus.com/bid/90876chrome-cve-admin@google.com
N/A
http://www.securitytracker.com/id/1035981chrome-cve-admin@google.com
N/A
http://www.ubuntu.com/usn/USN-2992-1chrome-cve-admin@google.com
N/A
https://access.redhat.com/errata/RHSA-2016:1190chrome-cve-admin@google.com
N/A
https://codereview.chromium.org/1858833003chrome-cve-admin@google.com
N/A
https://crbug.com/600182chrome-cve-admin@google.com
N/A
https://security.gentoo.org/glsa/201607-07chrome-cve-admin@google.com
N/A
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3590af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/90876af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1035981af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2992-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2016:1190af854a3a-2127-422b-91ae-364da2661108
N/A
https://codereview.chromium.org/1858833003af854a3a-2127-422b-91ae-364da2661108
N/A
https://crbug.com/600182af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201607-07af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3590
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/90876
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1035981
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2992-1
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1190
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://codereview.chromium.org/1858833003
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://crbug.com/600182
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201607-07
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3590
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/90876
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1035981
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2992-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1190
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://codereview.chromium.org/1858833003
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://crbug.com/600182
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201607-07
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2918Records found
CVE-2016-10065
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-leapimagemagickn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-9905
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESR
CWE ID-CWE-284
Improper Access Control
CVE-2016-6703
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.86% / 74.11%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2016-6702
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.57% / 80.80%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2016-6768
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2016-6701
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.78% / 72.80%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-284
Improper Access Control
CVE-2016-6771
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-284
Improper Access Control
CVE-2016-5386
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-87.61% / 99.43%
||
7 Day CHG~0.00%
Published-19 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGoRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_serverfedoraenterprise_linux_server_eusgolinuxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5173
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.1||HIGH
EPSS-0.73% / 71.78%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3698
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.47% / 63.44%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

Action-Not Available
Vendor-libndpn/aRed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxenterprise_linux_hpc_nodeenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_hpc_node_euslibndpn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3707
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.79% / 81.98%
||
7 Day CHG-0.09%
Published-27 Jun, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

Action-Not Available
Vendor-n/aRed Hat, Inc.NovellLinux Kernel Organization, Inc
Product-suse_linux_enterprise_real_time_extensionenterprise_linux_for_real_timeenterprise_linux_for_real_time_for_nfvlinux_kernel-rtn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1676
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.36%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1866
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.89% / 74.64%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

Action-Not Available
Vendor-saltstackn/aopenSUSE
Product-leapsaltn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1696
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.84%
||
7 Day CHG+0.18%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1672
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.36%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1697
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.35% / 79.34%
||
7 Day CHG+0.24%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverleapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1638
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.77% / 72.47%
||
7 Day CHG~0.00%
Published-06 Mar, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-9190
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-04 Nov, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPython Software Foundation
Product-debian_linuxpillown/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5206
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.76%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-284
Improper Access Control
CVE-2016-4286
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.42% / 84.49%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncRed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_osenterprise_linux_serverlinux_kernelflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3105
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.12%
||
7 Day CHG~0.00%
Published-09 May, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

Action-Not Available
Vendor-mercurialn/aDebian GNU/Linux
Product-debian_linuxmercurialn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3863
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-2.46% / 84.63%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1667
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.00%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusechromen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1668
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.20% / 78.03%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusechromen/a
CWE ID-CWE-284
Improper Access Control
CVE-2013-6272
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.57%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 15:00
Updated-06 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-284
Improper Access Control
CVE-2019-3895
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 70.88%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 18:04
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-openstackoctaviaopenstack-tripleo-common
CWE ID-CWE-284
Improper Access Control
CVE-2011-1442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

Action-Not Available
Vendor-gaia-gisn/aDebian GNU/Linux
Product-debian_linuxfreexln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.87% / 74.24%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CVE-2011-1434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.23% / 88.32%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.84%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0780
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.36%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1400
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 83.55%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxtex-commondebian_linuxn/a
CVE-2011-1364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.03%
||
7 Day CHG~0.00%
Published-30 Oct, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Action-Not Available
Vendor-n/aGoogle LLC
Product-app_engine_python_sdkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1484
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 78.02%
||
7 Day CHG~0.00%
Published-27 Jul, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_soa_platformjboss_enterprise_application_platformjboss_seam_2_frameworkn/a
CVE-2011-1440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.48% / 84.67%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/LinuxGoogle LLC
Product-debian_linuxitunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.34% / 84.23%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-0784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-1613
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-25 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2011-1108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.88%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxGoogle LLC
Product-linux_kerneldebian_linuxchromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-24616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-3.78% / 87.60%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 17:04
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_servercommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkactive_iq_unified_managercommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_pricing_design_centercommunications_calendar_serverbanking_liquidity_managementcommunications_evolved_communications_application_servercommunications_unified_inventory_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.01%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:10
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.

Action-Not Available
Vendor-yawsn/aCanonical Ltd.Debian GNU/Linux
Product-yawsdebian_linuxubuntu_linuxn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2011-1437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-1588
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 01:51
Updated-06 Aug, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

Action-Not Available
Vendor-xfcethunarDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusethunarthunar
CWE ID-CWE-134
Use of Externally-Controlled Format String
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 58
  • 59
  • Next
Details not found