Vulnerability CVE-2016-5178


Published: 2017-05-23   Modified: 2017-06-30

Description:
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Redhat
Product: Enterprise linux server supplementary 
Version: 6.0;
Product: Enterprise linux workstation supplementary 
Version: 6.0;
Vendor: Google
Product: Chrome 
Version: 53.0.2785.129;
Vendor: Novell
Product: LEAP 
Version: 42.1;
Vendor: Fedoraproject
Product: Fedora 
Version: 25; 24;
Vendor: Opensuse project
Product: Opensuse 
Version: 13.2;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html
http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html
http://rhn.redhat.com/errata/RHSA-2016-2007.html
http://www.debian.org/security/2016/dsa-3683
http://www.securityfocus.com/bid/93238
http://www.securitytracker.com/id/1036970
https://bugs.chromium.org/p/chromium/issues/detail?id=645028
https://bugs.chromium.org/p/chromium/issues/detail?id=651092
https://bugzilla.redhat.com/show_bug.cgi?id=1380632
https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/
https://security.gentoo.org/glsa/201610-09

Related CVE
CVE-2015-3138
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
CVE-2017-6594
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decod...
CVE-2015-3405
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot...
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
CVE-2015-5203
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5221
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5300
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...

Copyright 2017, cxsecurity.com

 

Back to Top