CVE-2016-1665 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Chrome	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Vendor	Product	Version
opensuse	opensuse	13.1
redhat	enterprise_linux_desktop_supplementary	6.0
redhat	enterprise_linux_server_supplementary	6.0
redhat	enterprise_linux_server_supplementary_eus	6.7z:z
redhat	enterprise_linux_workstation_supplementary	6.0
google	chrome	𝑥 ≤ 50.0.2661.87

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

cosmic	Fixed 50.0.2661.102-0ubuntu1.1242 released
bionic	Fixed 50.0.2661.102-0ubuntu1.1242 released
artful	Fixed 50.0.2661.102-0ubuntu1.1242 released
zesty	Fixed 50.0.2661.102-0ubuntu1.1242 released
yakkety	Fixed 50.0.2661.102-0ubuntu1.1242 released
xenial	Fixed 50.0.2661.102-0ubuntu0.16.04.1.1237 released
wily	Fixed 50.0.2661.102-0ubuntu0.15.10.1.1227 released
trusty	Fixed 50.0.2661.102-0ubuntu0.14.04.1.1117 released
precise	ignored

libv8

cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
wily	dne
trusty	dne
precise	ignored

libv8-3.14

cosmic	ignored
bionic	ignored
artful	ignored
zesty	ignored
yakkety	ignored
xenial	ignored
wily	ignored
trusty	dne
precise	dne

oxide-qt

cosmic	dne
bionic	dne
artful	Fixed 1.14.9-0ubuntu1 released
zesty	Fixed 1.14.9-0ubuntu1 released
yakkety	Fixed 1.14.9-0ubuntu1 released
xenial	Fixed 1.14.8-0ubuntu0.16.04.1 released
wily	Fixed 1.14.8-0ubuntu0.15.10.1 released
trusty	Fixed 1.14.8-0ubuntu0.14.04.1 released
precise	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0707.html

http://www.debian.org/security/2016/dsa-3564

http://www.securityfocus.com/bid/89106

http://www.ubuntu.com/usn/USN-2960-1

https://codereview.chromium.org/1925463003

https://crbug.com/606181

https://security.gentoo.org/glsa/201605-02

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0707.html

http://www.debian.org/security/2016/dsa-3564

http://www.securityfocus.com/bid/89106

http://www.ubuntu.com/usn/USN-2960-1

https://codereview.chromium.org/1925463003

https://crbug.com/606181

https://security.gentoo.org/glsa/201605-02