Search CVE reports
11 – 20 of 878 results
CVE-2018-6156
High prioritySome fixes available 7 of 8
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
3 affected packages
chromium-browser, firefox, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| firefox | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6155
High prioritySome fixes available 3 of 4
Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6154
Medium prioritySome fixes available 3 of 4
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6150
Low prioritySome fixes available 3 of 4
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6149
Medium prioritySome fixes available 4 of 10
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
3 affected packages
chromium-browser, libv8-3.14, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| libv8-3.14 | — | — | — | Ignored | Ignored |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6148
Medium prioritySome fixes available 4 of 6
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6145
Medium prioritySome fixes available 4 of 6
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6142
Medium prioritySome fixes available 4 of 10
Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
3 affected packages
chromium-browser, libv8-3.14, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| libv8-3.14 | — | — | — | Ignored | Ignored |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6138
Medium prioritySome fixes available 4 of 6
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
CVE-2018-6136
Medium prioritySome fixes available 4 of 10
Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
3 affected packages
chromium-browser, libv8-3.14, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| libv8-3.14 | — | — | — | Ignored | Ignored |
| oxide-qt | — | — | — | Not in release | Ignored |