Latest CVE Feed
-
7.8
HIGHCVE-2015-4527
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.... Read more
- EPSS Score: %0.57
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4285
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote atta... Read more
Affected Products : ios_xr- EPSS Score: %0.47
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-5605
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an erro... Read more
- EPSS Score: %1.48
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1289
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more
- EPSS Score: %1.47
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified oth... Read more
- EPSS Score: %0.85
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1287
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Ori... Read more
- EPSS Score: %0.86
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1286
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by lev... Read more
- EPSS Score: %0.69
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-1285
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive... Read more
- EPSS Score: %1.11
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1284
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid c... Read more
- EPSS Score: %1.22
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified... Read more
Affected Products : ubuntu_linux debian_linux leap chrome python opensuse solaris linux_enterprise_server linux_enterprise_desktop linux_enterprise_software_development_kit +3 more products- EPSS Score: %0.71
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1282
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF documen... Read more
- EPSS Score: %2.03
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1281
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an... Read more
- EPSS Score: %0.98
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted ... Read more
- EPSS Score: %2.17
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1279
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified ... Read more
- EPSS Score: %1.65
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1278
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document... Read more
- EPSS Score: %1.09
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1277
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessib... Read more
- EPSS Score: %2.31
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-1276
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l... Read more
- EPSS Score: %2.78
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1275
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a traili... Read more
- EPSS Score: %0.36
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1274
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files ... Read more
- EPSS Score: %2.81
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1273
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF documen... Read more
- EPSS Score: %2.70
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025