Lucene search

K
freebsdFreeBSDBBCB1584-C068-11EE-BDD6-4CCC6ADDA413
HistoryJan 30, 2024 - 12:00 a.m.

qt6-webengine -- Multiple vulnerabilities

2024-01-3000:00:00
vuxml.freebsd.org
12
qt6
webengine
chromium
security
vulnerabilities
use after free
integer underflow
insufficient policy enforcement
unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.3%

Qt qtwebengine-chromium repo reports:

Backports for 3 security bugs in Chromium:

[1505080] High CVE-2024-0807: Use after free in WebAudio
[1504936] Critical CVE-2024-0808: Integer underflow in WebUI
[1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqt5-webengine< 5.15.16.p5_5UNKNOWN
FreeBSDanynoarchqt6-webengine< 6.6.1_4UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.3%