Skip to main content
CVE-2016-1646 HIGH POC KEV PATCH THREAT Act Now

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
66.5%
Threat
6.8
CVE-2016-2288 HIGH POC This Week

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cogent Datahub
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-1649 HIGH This Week

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Ubuntu Linux +2
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-1648 HIGH This Week

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Opensuse Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2016-1647 HIGH This Week

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-1650 HIGH This Week

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Opensuse Debian Linux Chrome
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-3679 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google V8 Ubuntu Linux Opensuse +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-1760 MEDIUM This Month

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 3.0
6.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy