CVE-2016-1643

HIGH Year: 2016
CVSS v3 Score
8.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-361
View all →

Vulnerability Description

The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Related Vulnerabilities

CVE-2016-7036

CRITICAL
CVSS:9.8(Critical)

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

CWE-3612016

CVE-2016-7547

CRITICAL
CVSS:9.8(Critical)

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

CWE-3612016

CVE-2015-5300

HIGH
CVSS:7.5(High)

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to ...

CWE-3612015

CVE-2016-7037

HIGH
CVSS:7.5(High)

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...

CWE-3612016

CVE-2016-7036

CRITICAL
CVSS:9.8(Critical)

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

CWE-3612016

CVE-2016-7547

CRITICAL
CVSS:9.8(Critical)

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

CWE-3612016