Github Exploits

3,773 exploits tracked across all sources.

CVE-2015-3636 GITHUB c
Linux kernel < 4.0.3 - Use After Free
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
by OpenSISE
31 stars
CVE-2016-5173 GITHUB HIGH c
Google Chrome < 53.0.2785.101 - Same Origin Policy Bypass via Object.prototype Access
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
by OpenSISE
31 stars
CVSS 7.1
CVE-2016-5160 GITHUB MEDIUM c
Opensuse Leap < 52.0.2743.116 - Security Feature Bypass
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-5135 GITHUB MEDIUM c
Google Chrome < 51.0.2704.106 - Content Security Policy Bypass via Referrer Policy Mismatch
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1701 GITHUB HIGH c
Google Chrome < 51.0.2704.79 - Use After Free
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1700 GITHUB HIGH c
Google Chrome < 51.0.2704.79 - Use After Free
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.
by OpenSISE
31 stars
CVSS 7.5
CVE-2016-1699 GITHUB MEDIUM c
WebKit/Source/devtools/front_end/devtools.js - Info Disclosure
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1698 GITHUB MEDIUM c
Google Chrome < 51.0.2704.79 - Code Injection
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1697 GITHUB HIGH c
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Frame Navigation
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1691 GITHUB HIGH c
Skia < 51.0.2704.63 - DoS
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.
by OpenSISE
31 stars
CVSS 7.5
CVE-2016-1690 GITHUB HIGH c
Google Chrome < 51.0.2704.63 - Use After Free
The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701.
by OpenSISE
31 stars
CVSS 7.5
CVE-2016-1689 GITHUB MEDIUM c
Google Chrome < 51.0.2704.63 - Buffer Overflow
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1688 GITHUB MEDIUM c
Google V8 < 5.0.71.40 - DoS
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1687 GITHUB MEDIUM c
Google Chrome < 51.0.2704.63 - Info Disclosure
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1685 GITHUB MEDIUM c
Google Chrome < 51.0.2704.63 - Denial of Service via PDFium Index Miscalculations
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1683 GITHUB HIGH c
libxslt < 1.1.29 - Heap-Based Buffer Overflow via Namespace Node Handling
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
by OpenSISE
31 stars
CVSS 7.5
CVE-2016-1682 GITHUB MEDIUM c
WebKit/Blink < 51.0.2704.63 - Auth Bypass
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
by OpenSISE
31 stars
CVSS 6.1
CVE-2016-1681 GITHUB HIGH c
OpenJPEG - Buffer Overflow
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1680 GITHUB HIGH c
Skia < 51.0.2704.63 - Use After Free
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1679 GITHUB HIGH c
Google Chrome < 51.0.2704.63 - Use After Free
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1678 GITHUB HIGH c
Google V8 < 5.0.71 - Heap-Based Buffer Overflow via Lazy Deoptimization
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1677 GITHUB MEDIUM c
Google V8 < 5.1.281.26 - Info Disclosure
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
by OpenSISE
31 stars
CVSS 6.5
CVE-2016-1676 GITHUB HIGH c
Google Chrome < 51.0.2704.63 - XSS
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1675 GITHUB HIGH c
Google Chrome < 51.0.2704.63 - CSRF
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
by OpenSISE
31 stars
CVSS 8.8
CVE-2016-1674 GITHUB HIGH c
Google Chrome < 51.0.2704.63 - CSRF
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
by OpenSISE
31 stars
CVSS 8.8