Skip to main content
CVE-2015-1271 MEDIUM This Month

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Chrome +5
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2015-1273 MEDIUM This Month

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-1274 MEDIUM This Month

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Google Debian Linux Opensuse Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2015-1282 MEDIUM This Month

Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-1270 MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-1288 MEDIUM This Month

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1283 MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome +12
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-5605 MEDIUM This Month

The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-1285 MEDIUM This Month

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-4285 MEDIUM This Month

The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1278 MEDIUM This Month

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Debian Linux Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-1281 MEDIUM This Month

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse Debian Linux Chrome +4
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-1287 MEDIUM This Month

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse Chrome Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1286 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Debian Linux Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1275 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Java Opensuse Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy