Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2556-1
HistoryApr 07, 2015 - 12:00 a.m.

Oxide vulnerabilities

2015-04-0700:00:00
ubuntu.com
23

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.4%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM

Packages

  • oxide-qt - Web browser engine library for Qt (QML plugin)

Details

It was discovered that Chromium did not properly handle the interaction
of IPC, the gamepad API and V8. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2015-1233)

A buffer overflow was discovered in the GPU service. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2015-1234)

It was discovered that Oxide did not correctly manage the lifetime of
BrowserContext, resulting in a potential use-after-free in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1317)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchliboxideqtcore0< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchliboxideqt-qmlplugin< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchliboxideqtquick0< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqmlscene< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-chromedriver< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-codecs< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-codecs-dbg< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-codecs-extra< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-codecs-extra-dbg< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchoxideqt-dbg< 1.5.6-0ubuntu0.14.10.1UNKNOWN
Rows per page:
1-10 of 201

Related

nessus 7
openvas 7
chrome 1
redhat 1
archlinux 1
kaspersky 1
mageia 1
suse 1
ubuntucve 3
prion 3
cve 3
debiancve 2
zdi 1
gentoo 1
nessus
nessus
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2556-1)
2015-04-08 00:00:00
RHEL 6 : chromium-browser (RHSA-2015:0778)
2015-04-07 00:00:00
Google Chrome < 41.0.2272.118 Multiple Vulnerabilities
2015-04-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2556-1)
2015-04-08 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Apr 2015) - Linux
2015-04-06 00:00:00
Mageia: Security Advisory (MGASA-2015-0141)
2022-01-28 00:00:00
chrome
chrome
Stable Channel Update
2015-04-01 00:00:00
redhat
redhat
(RHSA-2015:0778) Critical: chromium-browser security update
2015-04-06 00:00:00
archlinux
archlinux
chromium: remote code execution
2015-04-02 00:00:00
kaspersky
kaspersky
KLA10524 Multiple vulnerabilities in Google Chrome
2015-04-01 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2015-04-10 01:44:14
suse
suse
Security update for Chromium (important)
2015-04-08 16:06:12
ubuntucve
ubuntucve
CVE-2015-1317
2015-04-07 00:00:00
CVE-2015-1233
2015-04-01 00:00:00
CVE-2015-1234
2015-04-01 00:00:00
prion
prion
Design/Logic Flaw
2015-04-08 18:59:00
Code injection
2015-04-01 21:59:00
Race condition
2015-04-01 21:59:00
cve
cve
CVE-2015-1317
2015-04-08 18:59:00
CVE-2015-1233
2015-04-01 21:59:00
CVE-2015-1234
2015-04-01 21:59:00
debiancve
debiancve
CVE-2015-1233
2015-04-01 21:59:00
CVE-2015-1234
2015-04-01 21:59:00
zdi
zdi
(Pwn2Own) Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
2015-04-15 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2015-06-23 00:00:00

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.4%

JSON
Related for USN-2556-1
nessus7openvas7chrome1redhat1archlinux1kaspersky1mageia1suse1ubuntucve3prion3cve3debiancve2zdi1gentoo1