Vulnerabilities > Suse > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-05 | CVE-2016-1672 | Improper Access Control vulnerability in multiple products The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-05-05 | CVE-2016-3714 | Improper Input Validation vulnerability in multiple products The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | 8.4 |
| 2016-04-30 | CVE-2016-2807 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 8.8 |
| 2016-04-30 | CVE-2016-2806 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 8.8 |
| 2016-04-18 | CVE-2016-1656 | Improper Access Control vulnerability in multiple products The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | 7.5 |
| 2016-04-18 | CVE-2016-1655 | Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | 8.8 |
| 2016-04-18 | CVE-2016-1653 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. | 8.8 |
| 2016-04-18 | CVE-2016-1651 | Information Exposure vulnerability in multiple products fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | 8.1 |
| 2016-04-13 | CVE-2016-3630 | Data Processing Errors vulnerability in multiple products The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | 8.8 |
| 2016-04-13 | CVE-2016-3069 | Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | 8.8 |