Lucene search

K

Veracode Vulnerability DatabaseVERACODE:31839

HistoryAug 27, 2021 - 10:47 a.m.

Remote Code Execution (RCE)

2021-08-2710:47:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

29

remote code execution

qt5

vulnerability

sanitization

attacker

arbitrary code

sandbox

html page

EPSS

0.01

Percentile

83.6%

qt5-qtwebengine is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization which allows an attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

References

chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html

crbug.com/1234770

lists.fedoraproject.org/archives/list/[email protected]/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/

lists.fedoraproject.org/archives/list/[email protected]/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/

lists.fedoraproject.org/archives/list/[email protected]/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/

secdb.alpinelinux.org/edge/community.yaml

EPSS

0.01

Percentile

83.6%

Related for VERACODE:31839

cnvd1 alpinelinux1 debiancve1 nvd1 prion1 ubuntucve1 mscve1 cvelist1 cve1 kaspersky3 nessus9 freebsd1 suse4 chrome1 openvas6 fedora4 photon1 gentoo1 osv2