Search
Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26919 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2020-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | |||||
| CVE-2020-26908 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2020-10-16 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-9850 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2019-1976 | 1 Cisco | 2 Industrial Network Director, Network Level Service | 2020-10-16 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials. | |||||
| CVE-2019-13550 | 1 Advantech | 1 Webaccess | 2020-10-16 | 9.0 HIGH | 9.8 CRITICAL |
| In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | |||||
| CVE-2019-17137 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2020-10-09 | 7.5 HIGH | 9.4 CRITICAL |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. | |||||
| CVE-2019-7475 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
| CVE-2019-10939 | 1 Siemens | 10 Tim 3v-ie, Tim 3v-ie Advanced, Tim 3v-ie Advanced Firmware and 7 more | 2020-10-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2018-7520 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2020-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. | |||||
| CVE-2019-10417 | 1 Jenkins | 1 Kubernetes Pipeline | 2020-10-02 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2019-10938 | 1 Siemens | 25 6md85, 6md86, 6md89 and 22 more | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-10970 | 1 Rockwellautomation | 2 Panelview 5510, Panelview 5510 Firmware | 2020-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | |||||
| CVE-2019-10418 | 1 Jenkins | 1 Kubernetes Pipeline | 2020-10-01 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | |||||
| CVE-2020-26108 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | |||||
| CVE-2018-17890 | 1 Nuuo | 1 Nuuo Cms | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. | |||||
| CVE-2020-15860 | 1 Parallels | 1 Remote Application Server | 2020-09-16 | 6.5 MEDIUM | 9.9 CRITICAL |
| Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. | |||||
| CVE-2019-16374 | 1 Pega | 1 Platform | 2020-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. | |||||
| CVE-2020-14487 | 1 Freemedsoftware | 1 Openclinic Ga | 2020-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands. | |||||
| CVE-2011-3188 | 3 F5, Linux, Redhat | 15 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 12 more | 2020-07-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | |||||
| CVE-2020-4077 | 1 Electronjs | 1 Electron | 2020-07-13 | 6.5 MEDIUM | 9.9 CRITICAL |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
| CVE-2020-4076 | 1 Electronjs | 1 Electron | 2020-07-13 | 3.6 LOW | 9.0 CRITICAL |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
| CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | |||||
| CVE-2020-7512 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-19 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | |||||
| CVE-2020-11075 | 1 Anchore | 1 Engine | 2020-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. | |||||
| CVE-2020-11710 | 1 Konghq | 1 Docker-kong | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.” | |||||
| CVE-2019-18869 | 1 Blaauwproducts | 1 Remote Kiln Control | 2020-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | |||||
| CVE-2019-10551 | 1 Qualcomm | 108 Apq8009, Apq8009 Firmware, Apq8017 and 105 more | 2020-05-08 | 9.4 HIGH | 9.1 CRITICAL |
| String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2020-11690 | 1 Jetbrains | 1 Intellij Idea | 2020-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | |||||
| CVE-2020-5545 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-10121 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | |||||
| CVE-2020-8796 | 1 Biscom | 1 Secure File Transfer | 2020-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. | |||||
| CVE-2019-1353 | 2 Git-scm, Opensuse | 2 Git, Leap | 2020-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | |||||
| CVE-2019-17440 | 1 Paloaltonetworks | 3 Pa-7050, Pa-7080, Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted. | |||||
| CVE-2011-3614 | 1 Vanillaforums | 1 Vanilla | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | |||||
| CVE-2013-6792 | 1 Google | 1 Android | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | |||||
| CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | |||||
| CVE-2004-2776 | 1 Goscript Project | 1 Goscript | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | |||||
| CVE-2019-20049 | 1 Al-enterprise | 1 Omnivista 4760 | 2020-01-07 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages(). | |||||
| CVE-2016-1962 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Firefox Esr, Opensuse and 1 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | |||||
| CVE-2019-18269 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, the software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. | |||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2019-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |||||
| CVE-2015-7988 | 1 Apple | 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more | 2019-06-19 | 7.5 HIGH | 9.8 CRITICAL |
| The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2016-3227 | 1 Microsoft | 1 Windows Server 2012 | 2019-05-08 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." | |||||
| CVE-2015-4603 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
| CVE-2015-4602 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
| CVE-2016-0705 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2019-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | |||||
| CVE-2015-8876 | 1 Php | 1 Php | 2019-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. | |||||
| CVE-2016-1662 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2018-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||