Search for packages
| purl | pkg:nuget/CefSharp.Wpf.HwndHost@85.3.121 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-57ne-vzp6-b7f4
Aliases: CVE-2022-0609 GHSA-vv6j-ww6x-54gx GMS-2022-140 GMS-2022-141 GMS-2022-142 GMS-2022-143 GMS-2022-144 GMS-2022-145 GMS-2022-146 GMS-2022-147 GMS-2022-148 |
Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue other than it has been flagged as `High` severity. |
Affected by 1 other vulnerability. |
|
VCID-cfg9-fy1r-uqg6
Aliases: CVE-2020-16009 GHSA-m7mf-48hp-5qmr |
CVE-2020-16009: Inappropriate implementation in V8 - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009 Google is aware of reports that exploits for CVE-2020-16009 exist in the wild. Allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. There is currently little to no public information on the issue other than it has been flagged as `High` severity. |
Affected by 2 other vulnerabilities. |
|
VCID-mcug-5ay7-cqdz
Aliases: CVE-2020-16017 GHSA-gvqv-779r-4jgp |
Use after free in CefSharp CVE-2020-16017: Use after free in site isolation - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017 Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. There is currently little to no public information on the issue other than it has been flagged as `High` severity. |
Affected by 2 other vulnerabilities. |
|
VCID-mk69-tcsj-u7h1
Aliases: CVE-2020-16013 GHSA-x7fx-mcc9-27j7 |
Inappropriate implementation in V8 in CefSharp High CVE-2020-16013: Inappropriate implementation in V8. - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013 Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. There is currently little to no public information on the issue other than it has been flagged as `High` severity. |
Affected by 2 other vulnerabilities. |
|
VCID-nx21-ks3v-53e4
Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62 |
Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d |
Affected by 5 other vulnerabilities. |
|
VCID-u9e3-f1kh-nkgn
Aliases: GHSA-f87w-3j5w-v58p |
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) https://nvd.nist.gov/vuln/detail/CVE-2025-2783 https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||