Search for packages
| purl | pkg:deb/ubuntu/oxide-qt@1.20.4-0ubuntu0.14.04.1 |
| Next non-vulnerable version | 1.21.5-0ubuntu0.14.04.1 |
| Latest non-vulnerable version | 1.21.5-0ubuntu0.16.04.1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3fxs-63ze-aaam
Aliases: CVE-2017-5030 |
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-63em-f5aj-aaad
Aliases: CVE-2017-5040 |
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9y6t-uz46-aaad
Aliases: CVE-2017-5029 GHSA-pf6m-fxpq-fg8v |
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-a968-v7d1-aaah
Aliases: CVE-2017-5035 |
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dc82-nm96-aaac
Aliases: CVE-2017-5031 |
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e5sn-g1vc-aaan
Aliases: CVE-2017-5041 |
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gkum-epbx-aaaq
Aliases: CVE-2017-5046 |
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rkcb-qyc8-aaaa
Aliases: CVE-2017-5045 |
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-s7zr-aw7h-aaan
Aliases: CVE-2017-5044 |
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t8gt-2hus-aaaa
Aliases: CVE-2017-5037 |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tpn3-2brd-aaad
Aliases: CVE-2017-5033 |
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9r59-cy8b-aaaa | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
CVE-2017-5006
|
| VCID-9tv6-tvj9-aaah | Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. |
CVE-2017-5017
|
| VCID-9wkw-j45r-aaar | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2017-5022
|
| VCID-b4ay-xbyg-aaaa | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2017-5024
|
| VCID-b6gm-xpgj-aaag | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2017-5025
|
| VCID-brb9-3xj9-aaah | Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5014
|
| VCID-bzx2-njp3-aaac | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
CVE-2017-5010
|
| VCID-mt8f-pyvq-aaaq | WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-5009
|
| VCID-pe2a-7rtn-aaaq | A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-5019
|
| VCID-sgnc-347g-aaah | Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. |
CVE-2017-5023
|
| VCID-syhs-jdj3-aaas | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
CVE-2017-5008
|
| VCID-tpeh-7gcc-aaaf | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. |
CVE-2017-5026
|
| VCID-ufg7-d65p-aaak | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2017-5027
|
| VCID-wbn4-ykqu-aaak | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
CVE-2017-5007
|
| VCID-wdpa-yxc1-aaaa | A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-5012
|
| VCID-xpyj-uw54-aaam | Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. |
CVE-2017-5011
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|