VulnerableCode Package Details - pkg:deb/ubuntu/oxide-qt@1.20.4-0ubuntu0.16.10.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-3fxs-63ze-aaam Aliases: CVE-2017-5030	Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-63em-f5aj-aaad Aliases: CVE-2017-5040	V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-9y6t-uz46-aaad Aliases: CVE-2017-5029 GHSA-pf6m-fxpq-fg8v	The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-a968-v7d1-aaah Aliases: CVE-2017-5035	Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-dc82-nm96-aaac Aliases: CVE-2017-5031	A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-e5sn-g1vc-aaan Aliases: CVE-2017-5041	Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-gkum-epbx-aaaq Aliases: CVE-2017-5046	V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-rkcb-qyc8-aaaa Aliases: CVE-2017-5045	XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-s7zr-aw7h-aaan Aliases: CVE-2017-5044	Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-t8gt-2hus-aaaa Aliases: CVE-2017-5037	An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-tpn3-2brd-aaad Aliases: CVE-2017-5033	Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.	1.21.5-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 1.21.5-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3fxs-63ze-aaam
Aliases:
CVE-2017-5030

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.