Oxide Project
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1578 | Cri | 0.64 | 9.8 | 0.03 | May 13, 2016 | Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. | ||
| CVE-2015-1332 | Hig | 0.57 | 8.8 | 0.03 | Jul 25, 2017 | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | ||
| CVE-2024-55582 | Med | 0.37 | 5.7 | 0.00 | Dec 9, 2024 | Oxide before 6 has unencrypted Control Plane datastores. | ||
| CVE-2015-1321 | 0.00 | — | 0.02 | Apr 29, 2015 | Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | |||
| CVE-2015-1317 | 0.00 | — | 0.03 | Apr 8, 2015 | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. |
- risk 0.64cvss 9.8epss 0.03
Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
- risk 0.57cvss 8.8epss 0.03
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
- risk 0.37cvss 5.7epss 0.00
Oxide before 6 has unencrypted Control Plane datastores.
- CVE-2015-1321Apr 29, 2015risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
- CVE-2015-1317Apr 8, 2015risk 0.00cvss —epss 0.03
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.