7.6 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.067 Low
EPSS
Percentile
93.8%
Several security issues were discovered in the DOM implementation in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to bypass Same Origin Policy
restrictions. (CVE-2015-1253, CVE-2015-1254)
A use-after-free was discovered in the WebAudio implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via renderer crash, or execute arbitrary code with the privileges
of the sandboxed render process. (CVE-2015-1255)
A use-after-free was discovered in the SVG implementation in Blink. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1256)
A security issue was discovered in the SVG implementation in Blink. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-1257)
An issue was discovered with the build of libvpx. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2015-1258)
Multiple use-after-free issues were discovered in the WebRTC
implementation in Chromium. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via renderer crash, or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2015-1260)
An uninitialized value bug was discovered in the font shaping code in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash. (CVE-2015-1262)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1265)
Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-3910)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 15.04 | noarch | liboxideqtcore0 | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqt-qmlplugin | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqt-qmlplugin-dbgsym | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtcore0-dbgsym | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtquick0 | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtquick0-dbgsym | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-chromedriver | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs-dbg | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs-dbgsym | < 1.7.8-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2015-1253
ubuntu.com/security/CVE-2015-1254
ubuntu.com/security/CVE-2015-1255
ubuntu.com/security/CVE-2015-1256
ubuntu.com/security/CVE-2015-1257
ubuntu.com/security/CVE-2015-1258
ubuntu.com/security/CVE-2015-1260
ubuntu.com/security/CVE-2015-1262
ubuntu.com/security/CVE-2015-1265
ubuntu.com/security/CVE-2015-3910