OpenSISE

50 exploits Active since Jun 2012
CVE-2015-2365 GITHUB c WORKING POC
Windows win32k.sys - Local Privilege Escalation via Crafted Application
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
31 stars
CVE-2015-2366 GITHUB c WORKING POC
Windows 7/8/8.1, Server 2008/2012, RT - Privilege Escalation via win32k.sys
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
31 stars
CVE-2015-2507 GITHUB c WORKING POC
Microsoft Windows - Local Privilege Escalation via Adobe Type Manager Library
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512.
31 stars
CVE-2016-1651 GITHUB HIGH c NO CODE
Google Chrome <50.0.2661.75 - Info Disclosure/DoS
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
31 stars
CVSS 8.1
CVE-2016-1653 GITHUB HIGH c NO CODE
Google V8 <50.0.2661.75 - DoS
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
31 stars
CVSS 8.8
CVE-2016-1655 GITHUB HIGH c STUB
Google Chrome <50.0.2661.75 - Use After Free
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
31 stars
CVSS 8.8
CVE-2016-1656 GITHUB HIGH c WORKING POC
Google Chrome <50.0.2661.75 - Open Redirect
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
31 stars
CVSS 7.5
CVE-2016-1660 GITHUB HIGH c NO CODE
Google Chrome <50.0.2661.94 - DoS
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
31 stars
CVSS 8.8
CVE-2016-1661 GITHUB HIGH c NO CODE
Google Chrome <50.0.2661.94 - Memory Corruption
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
31 stars
CVSS 8.0
CVE-2016-1662 GITHUB CRITICAL c NO CODE
Google Chrome <50.0.2661.94 - Use After Free
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
31 stars
CVSS 9.8
CVE-2016-1664 GITHUB MEDIUM c NO CODE
Google Chrome <50.0.2661.94 - Info Disclosure
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
31 stars
CVSS 4.3
CVE-2016-1665 GITHUB MEDIUM c NO CODE
Google V8 <50.0.2661.94 - Info Disclosure
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
31 stars
CVSS 6.5
CVE-2016-1667 GITHUB HIGH c NO CODE
WebKit/Blink <50.0.2661.102 - RCE
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
31 stars
CVSS 8.8
CVE-2016-1668 GITHUB HIGH c NO CODE
Google Chrome < 50.0.2661.102 - Same Origin Policy Bypass via V8 Iterable Bindings
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
31 stars
CVSS 8.8
CVE-2016-1669 GITHUB HIGH c NO CODE
Google V8 <5.0.71.47 - Buffer Overflow
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
31 stars
CVSS 8.8
CVE-2016-1672 GITHUB HIGH c NO CODE
Google Chrome < 51.0.2704.63 - Same Origin Policy Bypass via ModuleSystem Bindings Interception
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.
31 stars
CVSS 8.8
CVE-2016-1673 GITHUB HIGH c NO CODE
Google Chrome < 51.0.2704.63 - Same Origin Policy Bypass in Blink
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
31 stars
CVSS 8.8
CVE-2016-1674 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.63 - CSRF
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
31 stars
CVSS 8.8
CVE-2016-1675 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.63 - CSRF
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
31 stars
CVSS 8.8
CVE-2016-1676 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.63 - XSS
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
31 stars
CVSS 8.8
CVE-2016-1677 GITHUB MEDIUM c NO CODE
Google V8 <5.1.281.26 - Info Disclosure
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
31 stars
CVSS 6.5
CVE-2016-1678 GITHUB HIGH c NO CODE
Google V8 < 5.0.71 - Heap-Based Buffer Overflow via Lazy Deoptimization
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
31 stars
CVSS 8.8
CVE-2016-1679 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.63 - Use After Free
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
31 stars
CVSS 8.8
CVE-2016-1680 GITHUB HIGH c NO CODE
Skia <51.0.2704.63 - Use After Free
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.
31 stars
CVSS 8.8
CVE-2016-1681 GITHUB HIGH c NO CODE
OpenJPEG - Buffer Overflow
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
31 stars
CVSS 8.8