8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.236 Low
EPSS
Percentile
96.5%
Severity: High
Date : 2017-02-02
CVE-ID : CVE-2016-5182 CVE-2016-5183 CVE-2016-5189 CVE-2016-5199
CVE-2016-5201 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205
CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5210
CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218
CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223
CVE-2016-5224 CVE-2016-5225 CVE-2016-9650 CVE-2016-9651
Package : qt5-webengine
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-162
The package qt5-webengine before version 5.8.0-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, arbitrary filesystem access, cross-site scripting, same-
origin policy bypass, content spoofing, information disclosure and
insufficient validation.
Upgrade to 5.8.0-1.
The problems have been fixed upstream in version 5.8.0.
None.
A heap overflow flaw was found in the Blink component of the Chromium
browser.
An use after free flaw was found in the PDFium component of the
Chromium browser.
An URL spoofing flaw was found in the Chromium browser.
FFMPEG MP4 decoder contains an off-by-one error resulting in an
allocation of size 0, followed by corrupting an arbitrary number of
pointers out of bounds on the heap, where each is pointing to
controllable or uninitialized data. A remote attacker can potentially
use this flaw to exploit heap corruption via a crafted video file.
An information disclosure flaw was found in the extensions component of
the Chromium browser before 54.0.2840.100.
An use after free flaw was found in the PDFium component of the
Chromium browser.
An universal XSS flaw was found in the Blink component of the Chromium
browser.
An universal XSS flaw was found in the Blink component of the Chromium
browser.
A same-origin bypass flaw was found in the PDFium component of the
Chromium browser.
An universal XSS flaw was found in the Blink component of the Chromium
browser.
An universal XSS flaw was found in the Blink component of the Chromium
browser.
An out of bounds write flaw was found in the PDFium component of the
Chromium browser.
An use after free flaw was found in the PDFium component of the
Chromium browser.
A local file disclosure flaw was found in the DevTools component of the
Chromium browser.
An use after free flaw was found in the V8 component of the Chromium
browser.
A file download protection bypass was discovered in the Chromium
browser.
An use after free flaw was found in the Webaudio component of the
Chromium browser.
An use after free flaw was found in the PDFium component of the
Chromium browser.
An use of unvalidated data flaw was found in the PDFium component of
the Chromium browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
An use after free flaw was found in the V8 component of the Chromium
browser.
An integer overflow flaw was found in the ANGLE component of the
Chromium browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
An integer overflow flaw was found in the PDFium component of the
Chromium browser.
A same-origin bypass flaw was found in the SVG component of the
Chromium browser.
A CSP bypass flaw was found in the Blink component of the Chromium
browser.
A CSP referrer disclosure vulnerability has been discovered in the
Chromium browser.
A private property access flaw was found in the V8 component of the
Chromium browser.
A remote attacker might be able to bypass access restrictions, access
sensitive information or files, and execute arbitrary code on the
affected host.
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0
https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://bugs.chromium.org/p/chromium/issues/detail?id=643948
https://bugs.chromium.org/p/chromium/issues/detail?id=660678
https://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html
https://security.archlinux.org/CVE-2016-5182
https://security.archlinux.org/CVE-2016-5183
https://security.archlinux.org/CVE-2016-5189
https://security.archlinux.org/CVE-2016-5199
https://security.archlinux.org/CVE-2016-5201
https://security.archlinux.org/CVE-2016-5203
https://security.archlinux.org/CVE-2016-5204
https://security.archlinux.org/CVE-2016-5205
https://security.archlinux.org/CVE-2016-5206
https://security.archlinux.org/CVE-2016-5207
https://security.archlinux.org/CVE-2016-5208
https://security.archlinux.org/CVE-2016-5210
https://security.archlinux.org/CVE-2016-5211
https://security.archlinux.org/CVE-2016-5212
https://security.archlinux.org/CVE-2016-5213
https://security.archlinux.org/CVE-2016-5214
https://security.archlinux.org/CVE-2016-5215
https://security.archlinux.org/CVE-2016-5216
https://security.archlinux.org/CVE-2016-5217
https://security.archlinux.org/CVE-2016-5218
https://security.archlinux.org/CVE-2016-5219
https://security.archlinux.org/CVE-2016-5221
https://security.archlinux.org/CVE-2016-5222
https://security.archlinux.org/CVE-2016-5223
https://security.archlinux.org/CVE-2016-5224
https://security.archlinux.org/CVE-2016-5225
https://security.archlinux.org/CVE-2016-9650
https://security.archlinux.org/CVE-2016-9651
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | qt5-webengine | < 5.8.0-1 | UNKNOWN |
bugs.chromium.org/p/chromium/issues/detail?id=643948
bugs.chromium.org/p/chromium/issues/detail?id=660678
chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0
googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html
googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html
security.archlinux.org/AVG-162
security.archlinux.org/CVE-2016-5182
security.archlinux.org/CVE-2016-5183
security.archlinux.org/CVE-2016-5189
security.archlinux.org/CVE-2016-5199
security.archlinux.org/CVE-2016-5201
security.archlinux.org/CVE-2016-5203
security.archlinux.org/CVE-2016-5204
security.archlinux.org/CVE-2016-5205
security.archlinux.org/CVE-2016-5206
security.archlinux.org/CVE-2016-5207
security.archlinux.org/CVE-2016-5208
security.archlinux.org/CVE-2016-5210
security.archlinux.org/CVE-2016-5211
security.archlinux.org/CVE-2016-5212
security.archlinux.org/CVE-2016-5213
security.archlinux.org/CVE-2016-5214
security.archlinux.org/CVE-2016-5215
security.archlinux.org/CVE-2016-5216
security.archlinux.org/CVE-2016-5217
security.archlinux.org/CVE-2016-5218
security.archlinux.org/CVE-2016-5219
security.archlinux.org/CVE-2016-5221
security.archlinux.org/CVE-2016-5222
security.archlinux.org/CVE-2016-5223
security.archlinux.org/CVE-2016-5224
security.archlinux.org/CVE-2016-5225
security.archlinux.org/CVE-2016-9650
security.archlinux.org/CVE-2016-9651
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.236 Low
EPSS
Percentile
96.5%