OpenSISE

50 exploits Active since Jun 2012
CVE-2016-1682 GITHUB MEDIUM c WORKING POC
WebKit/Blink <51.0.2704.63 - Auth Bypass
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
31 stars
CVSS 6.1
CVE-2016-1683 GITHUB HIGH c NO CODE
libxslt <1.1.29 - DoS
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
31 stars
CVSS 7.5
CVE-2016-1685 GITHUB MEDIUM c NO CODE
Google Chrome <51.0.2704.63 - DoS
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
31 stars
CVSS 6.5
CVE-2016-1687 GITHUB MEDIUM c NO CODE
Google Chrome <51.0.2704.63 - Info Disclosure
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
31 stars
CVSS 6.5
CVE-2016-1688 GITHUB MEDIUM c NO CODE
Google V8 <5.0.71.40 - DoS
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
31 stars
CVSS 6.5
CVE-2016-1689 GITHUB MEDIUM c NO CODE
Google Chrome <51.0.2704.63 - Buffer Overflow
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
31 stars
CVSS 6.5
CVE-2016-1690 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.63 - Use After Free
The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701.
31 stars
CVSS 7.5
CVE-2016-1691 GITHUB HIGH c NO CODE
Skia <51.0.2704.63 - DoS
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.
31 stars
CVSS 7.5
CVE-2016-1697 GITHUB HIGH c NO CODE
WebKit/Blink <51.0.2704.79 - SSRF
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
31 stars
CVSS 8.8
CVE-2016-1698 GITHUB MEDIUM c NO CODE
Google Chrome <51.0.2704.79 - Code Injection
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
31 stars
CVSS 6.5
CVE-2016-1699 GITHUB MEDIUM c NO CODE
WebKit/Source/devtools/front_end/devtools.js - Info Disclosure
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.
31 stars
CVSS 6.5
CVE-2016-1700 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.79 - Use After Free
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.
31 stars
CVSS 7.5
CVE-2016-1701 GITHUB HIGH c NO CODE
Google Chrome <51.0.2704.79 - Use After Free
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
31 stars
CVSS 8.8
CVE-2016-5135 GITHUB MEDIUM c WORKING POC
Google Chrome < 51.0.2704.106 - Improper Input Validation
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
31 stars
CVSS 6.5
CVE-2016-5160 GITHUB MEDIUM c NO CODE
Opensuse Leap < 52.0.2743.116 - Security Feature Bypass
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
31 stars
CVSS 6.5
CVE-2016-5173 GITHUB HIGH c NO CODE
Google Chrome < 53.0.2785.101 - Improper Access Control
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
31 stars
CVSS 7.1
CVE-2015-3636 GITHUB c WORKING POC
Linux kernel <4.0.3 - Use After Free
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
31 stars
CVE-2014-0038 GITHUB c WORKING POC
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
31 stars
CVE-2015-1701 GITHUB HIGH c STUB
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
31 stars
CVSS 7.8
CVE-2015-7547 GITHUB HIGH c WORKING POC
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
31 stars
CVSS 8.1
CVE-2015-5119 GITHUB CRITICAL c STUB
Adobe Flash Player ByteArray Use After Free
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
31 stars
CVSS 9.8
CVE-2012-4792 GITHUB HIGH c STUB
Microsoft Internet Explorer <9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
31 stars
CVSS 8.8
CVE-2015-6086 GITHUB c WRITEUP
Microsoft Internet Explorer <11 - Info Disclosure
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
31 stars
CVE-2012-1876 GITHUB c NO CODE
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
31 stars
CVE-2015-7214 GITHUB c WORKING POC
Opensuse Leap < 42.0 - Information Disclosure
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
31 stars