UbuntuUSN-2877-1Oxide vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.072 Low
EPSS
Percentile
93.9%
Releases
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 ESM
Packages
- oxide-qt - Web browser engine library for Qt (QML plugin)
Details
A bad cast was discovered in V8. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via renderer crash or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2016-1612)
An issue was discovered when initializing the UnacceleratedImageBufferSurface
class in Blink. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-1614)
An issue was discovered with the CSP implementation in Blink. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to determine whether specific HSTS sites had been
visited by reading a CSP report. (CVE-2016-1617)
An issue was discovered with random number generator in Blink. An attacker
could potentially exploit this to defeat cryptographic protection
mechanisms. (CVE-2016-1618)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1620)
Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-2051)
Multiple security issues were discovered in Harfbuzz. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2016-2052)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.10 | noarch | liboxideqtcore0 | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqt-qmlplugin | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqt-qmlplugin-dbgsym | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtcore0-dbgsym | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtquick0 | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtquick0-dbgsym | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-chromedriver | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs-dbg | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs-dbgsym | < 1.12.5-0ubuntu0.15.10.1 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.072 Low
EPSS
Percentile
93.9%