Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by oxide_project

    CVE-2016-1586 (GCVE-0-2016-1586)

    Vulnerability from cvelistv5 – Published: 2019-04-22 15:35 – Updated: 2024-09-16 22:20
    VLAI
    Summary
    A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
    CWE
    • Imprecise garbage collection.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ubuntu Oxide Affected: unspecified , < 1.18.3 (custom)
    Create a notification for this product.
    Date Public
    2016-09-23 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Oxide",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2016-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Imprecise garbage collection.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-22T15:35:59.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
            }
          ],
          "source": {
            "advisory": "https://usn.ubuntu.com/3113-1/",
            "defect": [
              "https://bugs.launchpad.net/oxide/%2Bbug/1626099"
            ],
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2016-09-23T00:00:00.000Z",
              "ID": "CVE-2016-1586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Oxide",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.18.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ubuntu"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Imprecise garbage collection."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac",
                  "refsource": "MISC",
                  "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
                }
              ]
            },
            "source": {
              "advisory": "https://usn.ubuntu.com/3113-1/",
              "defect": [
                "https://bugs.launchpad.net/oxide/%2Bbug/1626099"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1586",
        "datePublished": "2019-04-22T15:35:59.609Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:17.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1332 (GCVE-0-2015-1332)

    Vulnerability from cvelistv5 – Published: 2017-07-25 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
              },
              {
                "name": "USN-2735-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2735-1"
              },
              {
                "name": "76710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76710"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-25T17:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
            },
            {
              "name": "USN-2735-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2735-1"
            },
            {
              "name": "76710",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76710"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html",
                  "refsource": "CONFIRM",
                  "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
                },
                {
                  "name": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
                },
                {
                  "name": "USN-2735-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2735-1"
                },
                {
                  "name": "76710",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76710"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1332",
        "datePublished": "2017-07-25T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1578 (GCVE-0-2016-1578)

    Vulnerability from cvelistv5 – Published: 2016-05-13 14:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2955-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2955-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2955-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-13T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2955-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2955-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2016-1578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2955-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2955-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1578",
        "datePublished": "2016-05-13T14:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1321 (GCVE-0-2015-1321)

    Vulnerability from cvelistv5 – Published: 2015-04-29 20:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2570-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2570-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2570-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T19:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2570-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2570-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2570-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2570-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1321",
        "datePublished": "2015-04-29T20:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1317 (GCVE-0-2015-1317)

    Vulnerability from cvelistv5 – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugs.launchpad.net/oxide/+bug/1431484 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2556-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
              },
              {
                "name": "USN-2556-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2556-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-10T12:57:00.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
            },
            {
              "name": "USN-2556-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2556-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/oxide/+bug/1431484",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
                },
                {
                  "name": "USN-2556-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2556-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1317",
        "datePublished": "2015-04-08T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1586 (GCVE-0-2016-1586)

    Vulnerability from nvd – Published: 2019-04-22 15:35 – Updated: 2024-09-16 22:20
    VLAI
    Summary
    A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
    CWE
    • Imprecise garbage collection.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ubuntu Oxide Affected: unspecified , < 1.18.3 (custom)
    Create a notification for this product.
    Date Public
    2016-09-23 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Oxide",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2016-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Imprecise garbage collection.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-22T15:35:59.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
            }
          ],
          "source": {
            "advisory": "https://usn.ubuntu.com/3113-1/",
            "defect": [
              "https://bugs.launchpad.net/oxide/%2Bbug/1626099"
            ],
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2016-09-23T00:00:00.000Z",
              "ID": "CVE-2016-1586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Oxide",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.18.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ubuntu"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Imprecise garbage collection."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac",
                  "refsource": "MISC",
                  "url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
                }
              ]
            },
            "source": {
              "advisory": "https://usn.ubuntu.com/3113-1/",
              "defect": [
                "https://bugs.launchpad.net/oxide/%2Bbug/1626099"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1586",
        "datePublished": "2019-04-22T15:35:59.609Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:17.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1332 (GCVE-0-2015-1332)

    Vulnerability from nvd – Published: 2017-07-25 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
              },
              {
                "name": "USN-2735-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2735-1"
              },
              {
                "name": "76710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76710"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-25T17:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
            },
            {
              "name": "USN-2735-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2735-1"
            },
            {
              "name": "76710",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76710"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html",
                  "refsource": "CONFIRM",
                  "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html"
                },
                {
                  "name": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1"
                },
                {
                  "name": "USN-2735-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2735-1"
                },
                {
                  "name": "76710",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76710"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1332",
        "datePublished": "2017-07-25T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1578 (GCVE-0-2016-1578)

    Vulnerability from nvd – Published: 2016-05-13 14:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2955-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2955-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2955-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-13T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2955-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2955-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2016-1578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2955-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2955-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1578",
        "datePublished": "2016-05-13T14:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1321 (GCVE-0-2015-1321)

    Vulnerability from nvd – Published: 2015-04-29 20:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2570-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2570-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2570-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T19:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2570-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2570-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2570-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2570-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1321",
        "datePublished": "2015-04-29T20:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1317 (GCVE-0-2015-1317)

    Vulnerability from nvd – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugs.launchpad.net/oxide/+bug/1431484 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2556-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2015-04-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
              },
              {
                "name": "USN-2556-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2556-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-10T12:57:00.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
            },
            {
              "name": "USN-2556-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2556-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2015-1317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/oxide/+bug/1431484",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/oxide/+bug/1431484"
                },
                {
                  "name": "USN-2556-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2556-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-1317",
        "datePublished": "2015-04-08T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }