Lucene search
K
Oxide ProjectOxide

5 matches found

CVE
CVE
added 2015/04/29 8:0 p.m.73 views

CVE-2015-1321

CVE-2015-1321 affects Oxide’s file picker: a use-after-free in the file picker before 1.6.5 can allow remote attackers to crash or potentially execute arbitrary code via a crafted webpage. Upgrade to Oxide 1.6.5+ to fix; apply vendor patches as available.

6.8CVSS8.1AI score0.01992EPSS
CVE
CVE
added 2017/07/25 6:0 p.m.70 views

CVE-2015-1332

CVE-2015-1332 describes a heap corruption in oxide::JavaScriptDialogManager within oxide-qt. Affected: Ubuntu 15.04 and 14.04 packaged oxide-qt core library. Impact per advisories: denial of service via renderer crash and potential arbitrary code execution when visiting a crafted website. Remedia...

8.8CVSS8.7AI score0.02568EPSS
CVE
CVE
added 2015/04/08 6:0 p.m.66 views

CVE-2015-1317

CVE-2015-1317 affects Oxide, a WEB browsing engine used with Chromium components. The vulnerability is a use-after-free/memory misreference in Oxide’s handling of deletion of all WebContents when a RenderProcessHost still exists, allowing remote-triggered crashes or potentially arbitrary code exe...

7.5CVSS8.1AI score0.02981EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.62 views

CVE-2016-1578

CVE-2016-1578 is a use-after-free in Oxide (related to responding synchronously to permission requests) that could allow remote code execution or a crash. Affected platform references include Ubuntu USN-2955-1; remediation is to apply the Ubuntu security advisory update. No explicit patch version...

9.8CVSS9.6AI score0.03045EPSS
CVE
CVE
added 2019/04/22 3:35 p.m.60 views

CVE-2016-1586

Affects Oxide prior to v1.18.3 where a malicious webview can install long-lived unload handlers that reuse an incognito BrowserContext queued for destruction. This could lead to exposure of sensitive information as described in CVE-2016-1586. Remediation: upgrade to Oxide 1.18.3 or later (or appl...

7.5CVSS8.6AI score0.00665EPSS