Search criteria
168 vulnerabilities found for enterprise_linux_desktop_supplementary by redhat
CVE-2016-1666 (GCVE-0-2016-1666)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"name": "https://crbug.com/607652",
"refsource": "CONFIRM",
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1666",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1665 (GCVE-0-2016-1665)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/606181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/606181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/606181",
"refsource": "CONFIRM",
"url": "https://crbug.com/606181"
},
{
"name": "https://codereview.chromium.org/1925463003",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1665",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1664 (GCVE-0-2016-1664)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/597322",
"refsource": "CONFIRM",
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "https://codereview.chromium.org/1848813005/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1664",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1663 (GCVE-0-2016-1663)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/603987",
"refsource": "CONFIRM",
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1904913002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1663",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1662 (GCVE-0-2016-1662)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://codereview.chromium.org/1887423002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "https://crbug.com/603732",
"refsource": "CONFIRM",
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1662",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1661 (GCVE-0-2016-1661)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1887553002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "https://crbug.com/601629",
"refsource": "CONFIRM",
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1661",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1660 (GCVE-0-2016-1660)
Vulnerability from nvd – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1672603002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1672603002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/574802",
"refsource": "CONFIRM",
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1677363002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"name": "https://codereview.chromium.org/1672603002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1672603002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1660",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8540 (GCVE-0-2015-8540)
Vulnerability from nvd – Published: 2016-04-14 14:00 – Updated: 2024-08-06 08:20
VLAI?
Summary
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:42.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"name": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"name": "http://sourceforge.net/p/libpng/bugs/244/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8540",
"datePublished": "2016-04-14T14:00:00",
"dateReserved": "2015-12-10T00:00:00",
"dateUpdated": "2024-08-06T08:20:42.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2051 (GCVE-0-2016-2051)
Vulnerability from nvd – Published: 2016-01-25 11:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-2051",
"datePublished": "2016-01-25T11:00:00",
"dateReserved": "2016-01-24T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1289 (GCVE-0-2015-1289)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=512110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/506749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/495682"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/471990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/458024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/459898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/404462"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/477713"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/487286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/484432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/485855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/486004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/398235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/507821"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/504692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/491216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/478575"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/401995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/492981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/460938"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/492448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=512110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/506749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/495682"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/471990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/458024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/459898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/404462"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/477713"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/487286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/484432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/485855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/486004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/398235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/507821"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/504692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/491216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/478575"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/401995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/492981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/460938"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/492448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=512110",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=512110"
},
{
"name": "https://crbug.com/506749",
"refsource": "CONFIRM",
"url": "https://crbug.com/506749"
},
{
"name": "https://crbug.com/495682",
"refsource": "CONFIRM",
"url": "https://crbug.com/495682"
},
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://crbug.com/471990",
"refsource": "CONFIRM",
"url": "https://crbug.com/471990"
},
{
"name": "https://crbug.com/458024",
"refsource": "CONFIRM",
"url": "https://crbug.com/458024"
},
{
"name": "https://crbug.com/459898",
"refsource": "CONFIRM",
"url": "https://crbug.com/459898"
},
{
"name": "https://crbug.com/404462",
"refsource": "CONFIRM",
"url": "https://crbug.com/404462"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://crbug.com/477713",
"refsource": "CONFIRM",
"url": "https://crbug.com/477713"
},
{
"name": "https://crbug.com/487286",
"refsource": "CONFIRM",
"url": "https://crbug.com/487286"
},
{
"name": "https://crbug.com/484432",
"refsource": "CONFIRM",
"url": "https://crbug.com/484432"
},
{
"name": "https://crbug.com/485855",
"refsource": "CONFIRM",
"url": "https://crbug.com/485855"
},
{
"name": "https://crbug.com/486004",
"refsource": "CONFIRM",
"url": "https://crbug.com/486004"
},
{
"name": "https://crbug.com/398235",
"refsource": "CONFIRM",
"url": "https://crbug.com/398235"
},
{
"name": "https://crbug.com/507821",
"refsource": "CONFIRM",
"url": "https://crbug.com/507821"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://crbug.com/504692",
"refsource": "CONFIRM",
"url": "https://crbug.com/504692"
},
{
"name": "https://crbug.com/491216",
"refsource": "CONFIRM",
"url": "https://crbug.com/491216"
},
{
"name": "https://crbug.com/478575",
"refsource": "CONFIRM",
"url": "https://crbug.com/478575"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "https://crbug.com/401995",
"refsource": "CONFIRM",
"url": "https://crbug.com/401995"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "https://crbug.com/492981",
"refsource": "CONFIRM",
"url": "https://crbug.com/492981"
},
{
"name": "https://crbug.com/460938",
"refsource": "CONFIRM",
"url": "https://crbug.com/460938"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"name": "https://crbug.com/492448",
"refsource": "CONFIRM",
"url": "https://crbug.com/492448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1289",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1288 (GCVE-0-2015-1288)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1056103005"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=479162"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1056103005"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=479162"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://codereview.chromium.org/1056103005",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1056103005"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=479162",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=479162"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1288",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1287 (GCVE-0-2015-1287)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://src.chromium.org/viewvc/blink?revision=195266\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=419383"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://src.chromium.org/viewvc/blink?revision=195266\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=419383"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=195266\u0026view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=195266\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=419383",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=419383"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1287",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1286 (GCVE-0-2015-1286)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1235863003/"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=504011"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1231803002/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1235863003/"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=504011"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1231803002/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://codereview.chromium.org/1235863003/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1235863003/"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=504011",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=504011"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://codereview.chromium.org/1231803002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1231803002/"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1286",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1285 (GCVE-0-2015-1285)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=498982"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://src.chromium.org/viewvc/blink?revision=196971\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=498982"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://src.chromium.org/viewvc/blink?revision=196971\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=498982",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=498982"
},
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=196971\u0026view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=196971\u0026view=revision"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1285",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1284 (GCVE-0-2015-1284)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=493243"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://src.chromium.org/viewvc/blink?revision=197139\u0026view=revision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page\u0027s maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=493243"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://src.chromium.org/viewvc/blink?revision=197139\u0026view=revision"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page\u0027s maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=493243",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=493243"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=197139\u0026view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=197139\u0026view=revision"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1284",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1282 (GCVE-0-2015-1282)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pdfium.googlesource.com/pdfium/+/4ff7a4246c81a71b4f878e959b3ca304cd76ec8a"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=487928"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pdfium.googlesource.com/pdfium/+/4ff7a4246c81a71b4f878e959b3ca304cd76ec8a"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=487928"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pdfium.googlesource.com/pdfium/+/4ff7a4246c81a71b4f878e959b3ca304cd76ec8a",
"refsource": "CONFIRM",
"url": "https://pdfium.googlesource.com/pdfium/+/4ff7a4246c81a71b4f878e959b3ca304cd76ec8a"
},
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=487928",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=487928"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1282",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1281 (GCVE-0-2015-1281)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://src.chromium.org/viewvc/blink?revision=196071\u0026view=revision"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=487155"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://src.chromium.org/viewvc/blink?revision=196071\u0026view=revision"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=487155"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=196071\u0026view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=196071\u0026view=revision"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=487155",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=487155"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1281",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1280 (GCVE-0-2015-1280)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1151663002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=486947"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1151663002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=486947"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://codereview.chromium.org/1151663002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1151663002"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=486947",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=486947"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1280",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1279 (GCVE-0-2015-1279)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1241493002"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=483981"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1237723002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1241493002"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=483981"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1237723002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://codereview.chromium.org/1241493002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1241493002"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=483981",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=483981"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "https://codereview.chromium.org/1237723002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1237723002"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1279",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1278 (GCVE-0-2015-1278)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1156663004/"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1150843002/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=482380"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document\u0027s modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1156663004/"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1150843002/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=482380"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document\u0027s modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://codereview.chromium.org/1156663004/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1156663004/"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://codereview.chromium.org/1150843002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1150843002/"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=482380",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=482380"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1278",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1277 (GCVE-0-2015-1277)
Vulnerability from nvd – Published: 2015-07-23 00:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:17.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=479743"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1144363004/"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1151393006/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=479743"
},
{
"name": "RHSA-2015:1499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1144363004/"
},
{
"name": "GLSA-201603-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1151393006/"
},
{
"name": "75973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=479743",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=479743"
},
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://codereview.chromium.org/1144363004/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1144363004/"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://codereview.chromium.org/1151393006/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1151393006/"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1277",
"datePublished": "2015-07-23T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:17.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1666 (GCVE-0-2016-1666)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"name": "https://crbug.com/607652",
"refsource": "CONFIRM",
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1666",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1665 (GCVE-0-2016-1665)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/606181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/606181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/606181",
"refsource": "CONFIRM",
"url": "https://crbug.com/606181"
},
{
"name": "https://codereview.chromium.org/1925463003",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1925463003"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1665",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1664 (GCVE-0-2016-1664)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/597322",
"refsource": "CONFIRM",
"url": "https://crbug.com/597322"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "https://codereview.chromium.org/1848813005/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1848813005/"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1664",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1661 (GCVE-0-2016-1661)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1887553002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1887553002/"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "https://crbug.com/601629",
"refsource": "CONFIRM",
"url": "https://crbug.com/601629"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1661",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1662 (GCVE-0-2016-1662)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://codereview.chromium.org/1887423002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1887423002"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "https://crbug.com/603732",
"refsource": "CONFIRM",
"url": "https://crbug.com/603732"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1662",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1660 (GCVE-0-2016-1660)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1672603002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1672603002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "https://crbug.com/574802",
"refsource": "CONFIRM",
"url": "https://crbug.com/574802"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1677363002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1677363002"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
},
{
"name": "https://codereview.chromium.org/1672603002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1672603002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1660",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1663 (GCVE-0-2016-1663)
Vulnerability from cvelistv5 – Published: 2016-05-14 21:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/603987",
"refsource": "CONFIRM",
"url": "https://crbug.com/603987"
},
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "https://codereview.chromium.org/1904913002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1904913002/"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1663",
"datePublished": "2016-05-14T21:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8540 (GCVE-0-2015-8540)
Vulnerability from cvelistv5 – Published: 2016-04-14 14:00 – Updated: 2024-08-06 08:20
VLAI?
Summary
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:42.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/"
},
{
"name": "GLSA-201611-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/2"
},
{
"name": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/6"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/"
},
{
"name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/11/1"
},
{
"name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/7"
},
{
"name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/"
},
{
"name": "DSA-3443",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"name": "http://sourceforge.net/p/libpng/bugs/244/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/libpng/bugs/244/"
},
{
"name": "80592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80592"
},
{
"name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/10"
},
{
"name": "FEDORA-2015-3868cfa17b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8540",
"datePublished": "2016-04-14T14:00:00",
"dateReserved": "2015-12-10T00:00:00",
"dateUpdated": "2024-08-06T08:20:42.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2051 (GCVE-0-2016-2051)
Vulnerability from cvelistv5 – Published: 2016-01-25 11:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-2051",
"datePublished": "2016-01-25T11:00:00",
"dateReserved": "2016-01-24T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}