CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
05 Oct 2016 — Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free was discovered in the V8 bindings ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
05 Oct 2016 — Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 89%CPEs: 84EXPL: 2CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
05 May 2016 — The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.3EPSS: 40%CPEs: 19EXPL: 2CVE-2016-3716 – ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3716
05 May 2016 — The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. El codificador MSL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos mover archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 45%CPEs: 19EXPL: 1CVE-2016-3717 – ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3717
05 May 2016 — The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. El codificador LABEL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos leer archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A rem... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 90%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
05 May 2016 — The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in th... • https://www.exploit-db.com/exploits/39767 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 15%CPEs: 6EXPL: 0CVE-2016-1662 – chromium-browser: use-after-free in extensions
https://notcve.org/view.php?id=CVE-2016-1662
02 May 2016 — extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. extensions/renderer/gc_callback.cc en Google Chrome en versiones anteriores a 50.0.2661.94 no previene la ejecución de retorno una vez que la llamada de retorno Garbage Collection ha comenzado, lo que permite a atac... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1660 – chromium-browser: out-of-bounds write in blink
https://notcve.org/view.php?id=CVE-2016-1660
02 May 2016 — Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no maneja correctamente las aserciones en las clases WTF::BitArray y WTF::double_conversion::Vector, lo que permite a atacantes remotos provo... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1661 – chromium-browser: memory corruption in cross-process frames
https://notcve.org/view.php?id=CVE-2016-1661
02 May 2016 — Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no asegura que los marcos satisfagan una comprobación para el m... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1663 – chromium-browser: use-after-free in blink's v8 bindings
https://notcve.org/view.php?id=CVE-2016-1663
02 May 2016 — The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. La función SerializedScriptValue::transferArrayBuffers en WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp en los enlaces... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html •