High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-12-23	CVE-2016-7966	Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. network low complexity kde debian fedoraproject suse CWE-94	7.3
2016-07-23	CVE-2016-5131	Use After Free vulnerability in multiple products Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. network low complexity google xmlsoft apple canonical redhat suse opensuse debian CWE-416	8.8
2016-06-05	CVE-2016-1703	Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. network low complexity google debian canonical redhat suse opensuse	8.8
2016-06-05	CVE-2016-1701	The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. network low complexity google debian redhat suse opensuse	8.8
2016-06-05	CVE-2016-1700	extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. network high complexity debian redhat suse opensuse google	7.5
2016-06-05	CVE-2016-1697	Improper Access Control vulnerability in multiple products The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. network low complexity google debian canonical redhat suse opensuse CWE-284	8.8
2016-06-05	CVE-2016-1696	Improper Access Control vulnerability in multiple products The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. network low complexity google debian redhat suse opensuse CWE-284	8.8
2016-06-05	CVE-2016-1695	Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. network low complexity google debian canonical redhat suse opensuse	8.8
2016-06-05	CVE-2016-1691	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. network high complexity debian canonical redhat suse opensuse google CWE-119	7.5
2016-06-05	CVE-2016-1690	The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. network high complexity debian redhat suse opensuse google	7.5