rpm package
opensuse/libqt5-qtwebengine&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Tumbleweed
Vulnerabilities (41)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3619 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Apr 16, 2025 | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2025-2783 | — | KEV | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 26, 2025 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
| CVE-2025-24855 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 14, 2025 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. | ||
| CVE-2024-55549 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 14, 2025 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. | ||
| CVE-2025-24201 | Cri | 10.0 | KEV | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 11, 2025 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, |
| CVE-2025-2136 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 10, 2025 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1919 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Mar 5, 2025 | Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1426 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Feb 19, 2025 | Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0999 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Feb 19, 2025 | Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0996 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Feb 15, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0762 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Jan 29, 2025 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0436 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Jan 15, 2025 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-12694 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Dec 18, 2024 | Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-11477 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Nov 22, 2024 | 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors | ||
| CVE-2024-10827 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Nov 6, 2024 | Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-10229 | — | < 5.15.19-1.1 | 5.15.19-1.1 | Oct 22, 2024 | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2024-9603 | — | < 5.15.18-1.1 | 5.15.18-1.1 | Oct 8, 2024 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-9602 | — | < 5.15.18-1.1 | 5.15.18-1.1 | Oct 8, 2024 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-9123 | — | < 5.15.18-1.1 | 5.15.18-1.1 | Sep 24, 2024 | Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8636 | — | < 5.15.18-1.1 | 5.15.18-1.1 | Sep 11, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2025-3619Apr 16, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- affected < 5.15.19-1.1fixed 5.15.19-1.1
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- CVE-2025-24855Mar 14, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
- CVE-2024-55549Mar 14, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
- affected < 5.15.19-1.1fixed 5.15.19-1.1
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2,
- CVE-2025-2136Mar 10, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1919Mar 5, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1426Feb 19, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0999Feb 19, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0996Feb 15, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0762Jan 29, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0436Jan 15, 2025affected < 5.15.19-1.1fixed 5.15.19-1.1
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-12694Dec 18, 2024affected < 5.15.19-1.1fixed 5.15.19-1.1
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-11477Nov 22, 2024affected < 5.15.19-1.1fixed 5.15.19-1.1
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors
- CVE-2024-10827Nov 6, 2024affected < 5.15.19-1.1fixed 5.15.19-1.1
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10229Oct 22, 2024affected < 5.15.19-1.1fixed 5.15.19-1.1
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2024-9603Oct 8, 2024affected < 5.15.18-1.1fixed 5.15.18-1.1
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-9602Oct 8, 2024affected < 5.15.18-1.1fixed 5.15.18-1.1
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-9123Sep 24, 2024affected < 5.15.18-1.1fixed 5.15.18-1.1
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8636Sep 11, 2024affected < 5.15.18-1.1fixed 5.15.18-1.1
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 1 of 3