Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Extras
Subscriptions
Total
3425 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-5193 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | ||||
CVE-2016-5205 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
CVE-2016-5135 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. | ||||
CVE-2016-5211 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
CVE-2016-5171 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. | ||||
CVE-2016-5164 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." | ||||
CVE-2016-5198 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2024-08-06 | 8.8 High |
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | ||||
CVE-2016-5191 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | ||||
CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 18 Iphone Os, Mac Os X, Tvos and 15 more | 2024-08-06 | N/A |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
CVE-2016-5133 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | ||||
CVE-2016-5139 | 2 Google, Redhat | 3 Chrome, Enterprise Linux, Rhel Extras | 2024-08-06 | N/A |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
CVE-2016-5181 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | ||||
CVE-2016-5170 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. | ||||
CVE-2016-5174 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | ||||
CVE-2016-5147 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | ||||
CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-06 | N/A |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-5176 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | ||||
CVE-2016-5183 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | ||||
CVE-2016-5166 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | ||||
CVE-2016-5175 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |