CVE-2016-1586

EPSS 0.18%
Veröffentlicht 22.04.2019 16:29:01
Zuletzt bearbeitet 21.11.2024 02:46:41
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oxide Project ≫ Oxide Version < 1.18.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.361

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
security@ubuntu.com	1.8	0.3	1.4	CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1586

EUVD