Alpine: multiple qt5-qtwebengine packages: security update to 5.15.3_git20211112-r1

high Tenable Self-Hosted Container Security Plugin ID 406844

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to
potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)

- Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had
compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-4057)

- Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)

- Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to
leak cross-origin data via a crafted HTML page. (CVE-2021-4059)

- Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had
compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-4062)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-37984

https://security.alpinelinux.org/vuln/CVE-2021-37987

https://security.alpinelinux.org/vuln/CVE-2021-37989

https://security.alpinelinux.org/vuln/CVE-2021-37992

https://security.alpinelinux.org/vuln/CVE-2021-37993

https://security.alpinelinux.org/vuln/CVE-2021-37996

https://security.alpinelinux.org/vuln/CVE-2021-38001

https://security.alpinelinux.org/vuln/CVE-2021-38003

https://security.alpinelinux.org/vuln/CVE-2021-38005

https://security.alpinelinux.org/vuln/CVE-2021-38007

https://security.alpinelinux.org/vuln/CVE-2021-38009

https://security.alpinelinux.org/vuln/CVE-2021-38010

https://security.alpinelinux.org/vuln/CVE-2021-38012

https://security.alpinelinux.org/vuln/CVE-2021-38015

https://security.alpinelinux.org/vuln/CVE-2021-38017

https://security.alpinelinux.org/vuln/CVE-2021-38018

https://security.alpinelinux.org/vuln/CVE-2021-38019

https://security.alpinelinux.org/vuln/CVE-2021-38021

https://security.alpinelinux.org/vuln/CVE-2021-38022

https://security.alpinelinux.org/vuln/CVE-2021-4057

https://security.alpinelinux.org/vuln/CVE-2021-4058

https://security.alpinelinux.org/vuln/CVE-2021-4059

https://security.alpinelinux.org/vuln/CVE-2021-4062

https://security.alpinelinux.org/vuln/CVE-2021-4078

https://security.alpinelinux.org/vuln/CVE-2021-4079

Plugin Details

Severity: High

ID: 406844

Version: Revision 1.28

Type: Local

Published: 10/31/2023

Updated: 5/25/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Percentile: 99.76

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-4079

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/19/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-37984, CVE-2021-37987, CVE-2021-37989, CVE-2021-37992, CVE-2021-37993, CVE-2021-37996, CVE-2021-38001, CVE-2021-38003, CVE-2021-38005, CVE-2021-38007, CVE-2021-38009, CVE-2021-38010, CVE-2021-38012, CVE-2021-38015, CVE-2021-38017, CVE-2021-38018, CVE-2021-38019, CVE-2021-38021, CVE-2021-38022, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4062, CVE-2021-4078, CVE-2021-4079