CVE-2016-1665 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
opensuse	opensuse	13.1
redhat	enterprise_linux_desktop_supplementary	6.0
redhat	enterprise_linux_server_supplementary	6.0
redhat	enterprise_linux_server_supplementary_eus	6.7z:z
redhat	enterprise_linux_workstation_supplementary	6.0
google	chrome	𝑥 ≤ 50.0.2661.87

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

artful	Fixed 50.0.2661.102-0ubuntu1.1242 released
bionic	Fixed 50.0.2661.102-0ubuntu1.1242 released
cosmic	Fixed 50.0.2661.102-0ubuntu1.1242 released
precise	ignored
trusty	Fixed 50.0.2661.102-0ubuntu0.14.04.1.1117 released
wily	Fixed 50.0.2661.102-0ubuntu0.15.10.1.1227 released
xenial	Fixed 50.0.2661.102-0ubuntu0.16.04.1.1237 released
yakkety	Fixed 50.0.2661.102-0ubuntu1.1242 released
zesty	Fixed 50.0.2661.102-0ubuntu1.1242 released

libv8

artful	dne
bionic	dne
cosmic	dne
precise	ignored
trusty	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

libv8-3.14

artful	ignored
bionic	ignored
cosmic	ignored
precise	dne
trusty	dne
wily	ignored
xenial	ignored
yakkety	ignored
zesty	ignored

oxide-qt

artful	Fixed 1.14.9-0ubuntu1 released
bionic	dne
cosmic	dne
precise	dne
trusty	Fixed 1.14.8-0ubuntu0.14.04.1 released
wily	Fixed 1.14.8-0ubuntu0.15.10.1 released
xenial	Fixed 1.14.8-0ubuntu0.16.04.1 released
yakkety	Fixed 1.14.9-0ubuntu1 released
zesty	Fixed 1.14.9-0ubuntu1 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0707.html

http://www.debian.org/security/2016/dsa-3564

http://www.securityfocus.com/bid/89106

http://www.ubuntu.com/usn/USN-2960-1

https://codereview.chromium.org/1925463003

https://crbug.com/606181

https://security.gentoo.org/glsa/201605-02

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0707.html

http://www.debian.org/security/2016/dsa-3564

http://www.securityfocus.com/bid/89106

http://www.ubuntu.com/usn/USN-2960-1

https://codereview.chromium.org/1925463003

https://crbug.com/606181

https://security.gentoo.org/glsa/201605-02