CVE-2016-1661 (chrome)
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Source: CVE-2016-1661 (chrome)
CVE-2016-1661
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Source: CVE-2016-1661
CVE-2016-1660 (chrome)
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
Source: CVE-2016-1660 (chrome)
CVE-2016-1660
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
Source: CVE-2016-1660
CVE-2016-4325
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
Source: CVE-2016-4325
CVE-2016-2298 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)
Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
Source: CVE-2016-2298 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)
CVE-2016-2298
Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
Source: CVE-2016-2298
CVE-2016-2297 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)
Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
Source: CVE-2016-2297 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)
CVE-2016-2297
Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
Source: CVE-2016-2297
CVE-2016-2296 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)
Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Source: CVE-2016-2296 (web'log_basic_100, web'log_light, web'log_pro, web'log_pro_unlimited)