CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.9%
An uninitialized value issue was discovered in ICU. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service. (CVE-2015-1270)
A use-after-free was discovered in the GPU process implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1272)
A use-after-free was discovered in the IndexedDB implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1276)
A use-after-free was discovered in the accessibility implemetation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1277)
A memory corruption issue was discovered in Skia. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2015-1280)
It was discovered that Blink did not properly determine the V8 context of
a microtask in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)
Multiple integer overflows were discovered in Expat. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
the program. (CVE-2015-1283)
It was discovered that Blink did not enforce a page’s maximum number of
frames in some circumstances, resulting in a use-after-free. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash,
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2015-1284)
It was discovered that the XSS auditor in Blink did not properly choose a
truncation point. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-1285)
An issue was discovered in the CSS implementation in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1287)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1289)
A use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking the program. (CVE-2015-1329)
A crash was discovered in the regular expression implementation in V8 in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service. (CVE-2015-5605)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 15.04 | noarch | liboxideqtcore0 | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqt-qmlplugin | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqt-qmlplugin-dbgsym | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtcore0-dbgsym | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtquick0 | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | liboxideqtquick0-dbgsym | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-chromedriver | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs-dbg | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
Ubuntu | 15.04 | noarch | oxideqt-codecs-dbgsym | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
launchpad.net/bugs/1466208
ubuntu.com/security/CVE-2015-1270
ubuntu.com/security/CVE-2015-1272
ubuntu.com/security/CVE-2015-1276
ubuntu.com/security/CVE-2015-1277
ubuntu.com/security/CVE-2015-1280
ubuntu.com/security/CVE-2015-1281
ubuntu.com/security/CVE-2015-1283
ubuntu.com/security/CVE-2015-1284
ubuntu.com/security/CVE-2015-1285
ubuntu.com/security/CVE-2015-1287
ubuntu.com/security/CVE-2015-1289
ubuntu.com/security/CVE-2015-1329
ubuntu.com/security/CVE-2015-5605
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.9%