Skip to main content

Enterprise Linux Server Supplementary Eus

81 CVEs product

Monthly

CVE-2016-1666 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-1665 MEDIUM This Month

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Opensuse Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2016-1664 MEDIUM This Month

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2016-1663 HIGH This Week

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Denial Of Service Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1662 CRITICAL Act Now

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
9.8
EPSS
15.8%
CVE-2016-1661 HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 3.0
8.0
EPSS
1.0%
CVE-2016-1660 HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-3717 MEDIUM POC PATCH THREAT This Month

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 33.7%.

Information Disclosure Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +6
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
33.7%
CVE-2016-3716 LOW POC PATCH THREAT Monitor

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.3%.

Privilege Escalation Ubuntu Linux Imagemagick Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
24.3%
CVE-2016-2051 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-1289 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-1288 MEDIUM This Month

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1287 MEDIUM This Month

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse Chrome Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1286 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Debian Linux Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1285 MEDIUM This Month

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1282 MEDIUM This Month

Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-1281 MEDIUM This Month

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse Debian Linux Chrome +4
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-1280 HIGH This Week

SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2015-1279 HIGH This Week

Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1278 MEDIUM This Month

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Debian Linux Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-1277 HIGH This Week

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-1276 CRITICAL Act Now

Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2015-1273 MEDIUM This Month

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-1272 HIGH This Week

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1271 MEDIUM This Month

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Chrome +5
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2015-1270 MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-1250 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1243 HIGH This Week

Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Ubuntu Linux +4
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-3044 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2015-3042 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.9%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
51.9%
Threat
5.1
CVE-2015-3041 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-3040 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-3039 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-3038 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-0360 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0358 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Opensuse Suse Linux Enterprise Desktop +6
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-0355 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0354 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0353 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0352 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0351 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Opensuse +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-0350 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0349 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.0%.

Adobe RCE Microsoft Flash Player Enterprise Linux Desktop Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
11.0%
CVE-2015-0348 CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE Microsoft Enterprise Linux Desktop Supplementary +7
NVD
CVSS 2.0
10.0
EPSS
5.6%
CVE-2015-0347 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0346 CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
7.0%
CVE-2015-1231 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server +3
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-1230 HIGH This Week

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-1229 MEDIUM This Month

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Code Injection Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1228 HIGH This Week

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1220 MEDIUM This Month

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2015-1219 HIGH This Week

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-1218 HIGH This Week

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1217 HIGH This Week

The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1216 HIGH This Week

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1215 HIGH This Week

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1214 HIGH This Week

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-7943 MEDIUM This Month

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Opensuse +6
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-7942 HIGH This Week

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chromium Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2014-7941 MEDIUM This Month

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chromium Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2014-7939 MEDIUM This Month

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome Chromium Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7926 HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-7923 HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-3200 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-3199 MEDIUM This Month

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3198 MEDIUM This Month

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3197 MEDIUM This Month

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Google Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3195 MEDIUM This Month

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3194 HIGH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3193 HIGH This Week

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3192 HIGH This Week

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +8
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-3191 HIGH This Week

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3190 HIGH This Week

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3189 HIGH This Week

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Google Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3188 CRITICAL Act Now

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Code Injection Chrome Os Chrome +4
NVD
CVSS 2.0
10.0
EPSS
3.4%
CVE-2013-5870 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary +7
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-0418 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary +6
NVD
CVSS 2.0
5.1
EPSS
2.6%
CVE-2014-0382 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +7
NVD
CVSS 2.0
4.3
EPSS
2.2%
CVE-2013-5906 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary +6
NVD
CVSS 2.0
5.1
EPSS
2.6%
CVE-2013-5904 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Enterprise Linux Desktop Supplementary +6
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-5895 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary +7
NVD
CVSS 2.0
5.0
EPSS
2.4%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Opensuse +5
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Denial Of Service +6
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +6
NVD
EPSS 34% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 33.7%.

Information Disclosure Ubuntu Linux Enterprise Linux Desktop +8
NVD Exploit-DB
EPSS 24% CVSS 3.3
LOW POC PATCH THREAT Monitor

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.3%.

Privilege Escalation Ubuntu Linux Imagemagick +8
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Debian Linux +6
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Information Disclosure +7
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Opensuse +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Debian Linux +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +6
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft +9
NVD
EPSS 52% 5.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.9%.

RCE Denial Of Service Buffer Overflow +10
NVD Exploit-DB
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft +8
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 11% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.0%.

Adobe RCE Microsoft +8
NVD
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE +9
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 7% CVSS 10.0
CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Code Injection Ubuntu Linux +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux +5
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +8
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chromium +7
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome +6
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Google +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +10
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow +6
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Code Injection +6
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +9
NVD
EPSS 3% CVSS 5.1
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +8
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +9
NVD
EPSS 3% CVSS 5.1
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +8
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +8
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +9
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy