CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 98.7%

Severity: Critical
Date : 2017-07-04
CVE-ID : CVE-2017-5070 CVE-2017-5071 CVE-2017-5075 CVE-2017-5076
CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5083
CVE-2017-5088 CVE-2017-5089
Package : qt5-webengine
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-339
The package qt5-webengine before version 5.9.1-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary command
execution, information disclosure and content spoofing.
Upgrade to 5.9.1-1.
The problems have been fixed upstream in version 5.9.1.
None.
- A type confusion flaw has been found in the V8 component of the Chromium browser.
- An out of bounds read flaw has been found in the V8 component of the Chromium browser.
- An information leak flaw has been found in the CSP reporting component of the Chromium browser.
- An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
- A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
- A possible command injection flaw has been found in the mailto handling component of the Chromium browser.
- A UI spoofing flaw has been found in the Blink component of the Chromium browser.
- A UI spoofing flaw has been found in the Blink component of the Chromium browser.
- An out-of-bounds read vulnerability has been found in the V8 component of the Chromium browser < 59.0.3071.104.
- A domain spoofing vulnerability has been found in the Omnibox component of the Chromium browser < 59.0.3071.104.
A remote attacker can access sensitive information, spoof content and
execute arbitrary code and commands on the affected host.
https://github.com/qt/qtwebengine/blob/5.9.1/dist/changes-5.9.1
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=722756
https://bugs.chromium.org/p/chromium/issues/detail?id=715582
https://bugs.chromium.org/p/chromium/issues/detail?id=678776
https://bugs.chromium.org/p/chromium/issues/detail?id=719199
https://bugs.chromium.org/p/chromium/issues/detail?id=716311
https://bugs.chromium.org/p/chromium/issues/detail?id=711020
https://bugs.chromium.org/p/chromium/issues/detail?id=713686
https://bugs.chromium.org/p/chromium/issues/detail?id=714849
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
https://bugs.chromium.org/p/chromium/issues/detail?id=729991
https://bugs.chromium.org/p/chromium/issues/detail?id=714196
https://security.archlinux.org/CVE-2017-5070
https://security.archlinux.org/CVE-2017-5071
https://security.archlinux.org/CVE-2017-5075
https://security.archlinux.org/CVE-2017-5076
https://security.archlinux.org/CVE-2017-5077
https://security.archlinux.org/CVE-2017-5078
https://security.archlinux.org/CVE-2017-5079
https://security.archlinux.org/CVE-2017-5083
https://security.archlinux.org/CVE-2017-5088
https://security.archlinux.org/CVE-2017-5089
| OS | OS Version | Architecture | Package | Affected Version | Filename |
|---|---|---|---|---|---|
| ArchLinux | any | any | qt5-webengine | < 5.9.1-1 | UNKNOWN |