Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying vulnerability details 31 - 40 of 64342 in total

Google Chrome Vulnerability: CVE-2015-1289 Vulnerability

  • Severity: 8
  • Published: July 21, 2015

Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Google Chrome Vulnerability: CVE-2015-1273 Vulnerability

  • Severity: 7
  • Published: July 21, 2015

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.

Google Chrome Vulnerability: CVE-2015-1272 Vulnerability

  • Severity: 8
  • Published: July 21, 2015

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_ch...

FreeBSD: sox -- memory corruption vulnerabilities Vulnerability

  • Severity: 4
  • Published: July 21, 2015

Michele Spagnuolo, Google Security Team, reports: The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.

Google Chrome Vulnerability: CVE-2015-1287 Vulnerability

  • Severity: 4
  • Published: July 21, 2015

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.<...

Google Chrome Vulnerability: CVE-2015-1274 Vulnerability

  • Severity: 7
  • Published: July 21, 2015

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.

USN-2675-1: LXC vulnerabilities Vulnerability

  • Severity: 4
  • Published: July 21, 2015

Roman Fiedler discovered that LXC had a directory traversal flaw when creatinglock files. A local attacker could exploit this flaw to create an arbitraryfile as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container's procfilesystem to set up AppArmor profile changes and SELinux domain transiti...

Google Chrome Vulnerability: CVE-2015-1277 Vulnerability

  • Severity: 8
  • Published: July 21, 2015

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.

Google Chrome Vulnerability: CVE-2015-1278 Vulnerability

  • Severity: 4
  • Published: July 21, 2015

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.

Google Chrome Vulnerability: CVE-2015-1270 Vulnerability

  • Severity: 7
  • Published: July 21, 2015

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact...