Vulnerabilities > CVE-2015-1321

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

canonical

oxide-project

nessus

NVD

Published: 2015-04-29

Updated: 2024-11-21

Summary

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

Vulnerable Configurations

Part	Description	Count
OS	Canonical Canonical Ubuntu Linux 15.1 Canonical Ubuntu Linux 14.10 Canonical Ubuntu Linux 14.04	3
Application	Oxide_Project Oxide Project Oxide - Oxide Project Oxide 1.1.0 Oxide Project Oxide 1.2.0 Oxide Project Oxide 1.3.0 Oxide Project Oxide 1.4.0 Oxide Project Oxide 1.5.0 Oxide Project Oxide 1.5.5 Oxide Project Oxide 1.6.0 Oxide Project Oxide 1.6.4	9

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2570-1.NASL
description	An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1236) A use-after-free was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1237) An out-of-bounds write was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1238) An out-of-bounds read was discovered in the WebGL implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1240) An issue was discovered with the interaction of page navigation and touch event handling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct
last seen	2020-06-01
modified	2020-06-02
plugin id	83109
published	2015-04-28
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83109
title	Ubuntu 14.04 LTS / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2570-1)

Vulnerabilities > CVE-2015-1321 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2015-1321"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-2015-1321