[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2920-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":66,"duplicates":67,"related":68,"reserved_at":9,"published_at":82,"modified_at":83,"state":9,"summary":84,"references_raw":86,"kevs":146,"epss":9,"epss_history":147,"metrics":148,"affected":149},"USN-2920-1","oxide-qt vulnerabilities\n\nIt was discovered that the ContainerNode::parserRemoveChild function in\nBlink mishandled widget updates in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to bypass same-origin restrictions.\n(CVE-2016-1630)\n\nIt was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun \nfunction in Chromium mishandled nested message loops. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to bypass same-origin restrictions.\n(CVE-2016-1631)\n\nMultiple use-after-frees were discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2016-1633, CVE-2016-1634, CVE-2016-1644)\n\nIt was discovered that the PendingScript::notifyFinished function in\nBlink relied on memory-cache information about integrity-check occurrences\ninstead of integrity-check successes. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\nbypass Subresource Integrity (SRI) protections. (CVE-2016-1636)\n\nIt was discovered that the SkATan2_255 function in Skia mishandled\narctangent calculations. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-1637)\n\nA use-after-free was discovered in Chromium. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2016-1641)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2016-1642)\n\nA type-confusion bug was discovered in Blink. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2016-1643)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit these to read uninitialized memory, cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2016-2843)\n\nAn invalid cast was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2016-2844)\n\nIt was discovered that the Content Security Policy (CSP) implementation in\nBlink did not ignore a URL's path component in the case of a ServiceWorker\nfetch. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2016-2845)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64],{"_key":15},"CVE-2016-1630",{"_key":17},"CVE-2016-1631",{"_key":19},"CVE-2016-1633",{"_key":21},"CVE-2016-1634",{"_key":23},"CVE-2016-1636",{"_key":25},"CVE-2016-1637",{"_key":27},"CVE-2016-1641",{"_key":29},"CVE-2016-1642",{"_key":31},"CVE-2016-1643",{"_key":33},"CVE-2016-1644",{"_key":35},"CVE-2016-2843",{"_key":37},"CVE-2016-2844",{"_key":39},"CVE-2016-2845",{"_key":41},"UBUNTU-CVE-2016-1630",{"_key":43},"UBUNTU-CVE-2016-1631",{"_key":45},"UBUNTU-CVE-2016-1633",{"_key":47},"UBUNTU-CVE-2016-1634",{"_key":49},"UBUNTU-CVE-2016-1636",{"_key":51},"UBUNTU-CVE-2016-1637",{"_key":53},"UBUNTU-CVE-2016-1641",{"_key":55},"UBUNTU-CVE-2016-1642",{"_key":57},"UBUNTU-CVE-2016-1643",{"_key":59},"UBUNTU-CVE-2016-1644",{"_key":61},"UBUNTU-CVE-2016-2843",{"_key":63},"UBUNTU-CVE-2016-2844",{"_key":65},"UBUNTU-CVE-2016-2845",[],[],[69,70,71,72,73,74,75,76,77,78,79,80,81],{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},"2016-03-10T17:22:56Z","2026-04-22T09:23:05.877265Z",{"cisa_kev":85,"cisa_ransomware":85,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[87,93,98,102,106,110,114,118,122,126,130,134,138,142],{"url":88,"sources":89,"tags":91},"https://ubuntu.com/security/notices/USN-2920-1",[90],"osv_ubuntu",[92],"Advisory",{"url":94,"sources":95,"tags":96},"https://ubuntu.com/security/CVE-2016-1630",[90],[97],"REPORT",{"url":99,"sources":100,"tags":101},"https://ubuntu.com/security/CVE-2016-1631",[90],[97],{"url":103,"sources":104,"tags":105},"https://ubuntu.com/security/CVE-2016-1633",[90],[97],{"url":107,"sources":108,"tags":109},"https://ubuntu.com/security/CVE-2016-1634",[90],[97],{"url":111,"sources":112,"tags":113},"https://ubuntu.com/security/CVE-2016-1636",[90],[97],{"url":115,"sources":116,"tags":117},"https://ubuntu.com/security/CVE-2016-1637",[90],[97],{"url":119,"sources":120,"tags":121},"https://ubuntu.com/security/CVE-2016-1641",[90],[97],{"url":123,"sources":124,"tags":125},"https://ubuntu.com/security/CVE-2016-1642",[90],[97],{"url":127,"sources":128,"tags":129},"https://ubuntu.com/security/CVE-2016-1643",[90],[97],{"url":131,"sources":132,"tags":133},"https://ubuntu.com/security/CVE-2016-1644",[90],[97],{"url":135,"sources":136,"tags":137},"https://ubuntu.com/security/CVE-2016-2843",[90],[97],{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2016-2844",[90],[97],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2016-2845",[90],[97],[],[],[],[150],{"ecosystem":151,"name":152,"vendor":153,"product":152,"cpe_part":9,"purl_type":154,"purl_namespace":153,"purl_name":152,"source":9,"versions":155},"Ubuntu","oxide-qt","ubuntu","deb",[156],{"version":157,"is_range":158,"range_type":159,"version_start":9,"version_start_type":9,"version_end":160,"version_end_type":161,"fixed_in":9},"lt1_13_6_0ubuntu0_14_04_1",true,"ecosystem","1.13.6-0ubuntu0.14.04.1","excluding"]