Lucene search

FreeBSDBBCB1584-C068-11EE-BDD6-4CCC6ADDA413

HistoryJan 30, 2024 - 12:00 a.m.

qt6-webengine -- Multiple vulnerabilities

2024-01-3000:00:00

vuxml.freebsd.org

qt6

webengine

chromium

security

vulnerabilities

use after free

integer underflow

insufficient policy enforcement

unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.4%

JSON

Qt qtwebengine-chromium repo reports:

Backports for 3 security bugs in Chromium:

[1505080] High CVE-2024-0807: Use after free in WebAudio
[1504936] Critical CVE-2024-0808: Integer underflow in WebUI
[1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqt5-webengine< 5.15.16.p5_5UNKNOWN
FreeBSDanynoarchqt6-webengine< 6.6.1_4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	qt5-webengine	< 5.15.16.p5_5	UNKNOWN
FreeBSD	any	noarch	qt6-webengine	< 6.6.1_4	UNKNOWN

References

code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for BBCB1584-C068-11EE-BDD6-4CCC6ADDA413