Vulnerabilities > Opensuse > Leap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-18 | CVE-2016-1657 | 7PK - Security Features vulnerability in multiple products The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | 4.3 |
| 2016-04-18 | CVE-2016-1656 | Improper Access Control vulnerability in multiple products The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | 7.5 |
| 2016-04-18 | CVE-2016-1655 | Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | 8.8 |
| 2016-04-18 | CVE-2016-1654 | Improper Input Validation vulnerability in multiple products The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | 6.5 |
| 2016-04-18 | CVE-2016-1653 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. | 8.8 |
| 2016-04-18 | CVE-2016-1652 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | 6.1 |
| 2016-04-18 | CVE-2016-1651 | Information Exposure vulnerability in multiple products fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | 8.1 |
| 2016-04-13 | CVE-2016-2313 | Permissions, Privileges, and Access Controls vulnerability in multiple products auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | 8.8 |
| 2016-04-13 | CVE-2016-3982 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. | 8.8 |
| 2016-04-13 | CVE-2016-3630 | Data Processing Errors vulnerability in multiple products The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | 8.8 |