10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.289 Low
EPSS
Percentile
96.9%
A use-after-free was discovered when responding synchronously to
permission requests. An attacker could potentially exploit this to cause
a denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking the program. (CVE-2016-1578)
An out-of-bounds read was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2016-1646)
A use-after-free was discovered in the navigation implementation in
Chromium in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking the program. (CVE-2016-1647)
A buffer overflow was discovered in ANGLE. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2016-1649)
An out-of-bounds write was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed renderer process.
(CVE-2016-1653)
An invalid read was discovered in the media subsystem in Chromium. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash. (CVE-2016-1654)
It was discovered that frame removal during callback execution could
trigger a use-after-free in Blink. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed renderer process.
(CVE-2016-1655)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1659)
Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-3679)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | liboxideqtcore0 | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | liboxideqt-qmlplugin | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | liboxideqtcore-dev | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | liboxideqtcore0-dbgsym | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | liboxideqtquick-dev | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | liboxideqtquick0 | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | oxideqt-codecs | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | oxideqt-codecs-dbgsym | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | oxideqt-codecs-extra | < 1.14.7-0ubuntu1 | UNKNOWN |
Ubuntu | 16.04 | noarch | oxideqt-codecs-extra-dbgsym | < 1.14.7-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/1561450
ubuntu.com/security/CVE-2016-1578
ubuntu.com/security/CVE-2016-1646
ubuntu.com/security/CVE-2016-1647
ubuntu.com/security/CVE-2016-1649
ubuntu.com/security/CVE-2016-1653
ubuntu.com/security/CVE-2016-1654
ubuntu.com/security/CVE-2016-1655
ubuntu.com/security/CVE-2016-1659
ubuntu.com/security/CVE-2016-3679
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.289 Low
EPSS
Percentile
96.9%