UbuntuUSN-3236-1Oxide vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.566 Medium
EPSS
Percentile
97.7%
Releases
- Ubuntu 16.10
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- oxide-qt - Web browser engine for Qt (QML plugin)
Details
Multiple vulnerabilities were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, spoof
application UI by causing the security status API or webview URL to
indicate the wrong values, bypass security restrictions, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,
CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.10 | noarch | liboxideqtcore0 | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | liboxideqt-qmlplugin | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | liboxideqtcore-dev | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | liboxideqtcore0-dbgsym | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | liboxideqtquick-dev | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | liboxideqtquick0 | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | oxideqt-codecs | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | oxideqt-codecs-dbgsym | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | oxideqt-codecs-extra | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | oxideqt-codecs-extra-dbgsym | < 1.21.5-0ubuntu0.16.10.1 | UNKNOWN |
References
ubuntu.com/security/CVE-2017-5029
ubuntu.com/security/CVE-2017-5030
ubuntu.com/security/CVE-2017-5031
ubuntu.com/security/CVE-2017-5033
ubuntu.com/security/CVE-2017-5035
ubuntu.com/security/CVE-2017-5037
ubuntu.com/security/CVE-2017-5040
ubuntu.com/security/CVE-2017-5041
ubuntu.com/security/CVE-2017-5044
ubuntu.com/security/CVE-2017-5045
ubuntu.com/security/CVE-2017-5046
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.566 Medium
EPSS
Percentile
97.7%