Lucene search

K
ubuntuUbuntuUSN-3091-1
HistoryOct 07, 2016 - 12:00 a.m.

Oxide vulnerabilities

2016-10-0700:00:00
ubuntu.com
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.0%

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • oxide-qt - Web browser engine for Qt (QML plugin)

Details

A use-after-free was discovered in the V8 bindings in Blink. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5170)

A use-after-free was discovered in the V8 bindings in Blink. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5171)

An issue was discovered in V8. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
ontain sensitive information from arbitrary memory locations.
(CVE-2016-5172)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5175, CVE-2016-5178)

A use-after-free was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5177)

It was discovered that Chromium does not ensure the recipient of a certain
IPC message is a valid RenderFrame or RenderWidget. An attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitary code. (CVE-2016-7549)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchliboxideqtcore0< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchliboxideqt-qmlplugin< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchliboxideqtcore-dev< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchliboxideqtcore0-dbgsym< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchliboxideqtquick-dev< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchliboxideqtquick0< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchoxideqt-codecs< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchoxideqt-codecs-dbgsym< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchoxideqt-codecs-extra< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchoxideqt-codecs-extra-dbgsym< 1.17.9-0ubuntu0.16.04.1UNKNOWN
Rows per page:
1-10 of 251

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.0%