Alpine: multiple qt5-qtwebengine packages: security update to 5.15.3_git20200401-r0

critical Tenable Self-Hosted Container Security Plugin ID 426380

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an
attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds
write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system
availability. (CVE-2020-27844)

- Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially
exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)

- Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to
potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21118)

- Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had
compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-21119)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-16044

https://security.alpinelinux.org/vuln/CVE-2020-27844

https://security.alpinelinux.org/vuln/CVE-2021-21118

https://security.alpinelinux.org/vuln/CVE-2021-21119

https://security.alpinelinux.org/vuln/CVE-2021-21120

https://security.alpinelinux.org/vuln/CVE-2021-21121

https://security.alpinelinux.org/vuln/CVE-2021-21122

https://security.alpinelinux.org/vuln/CVE-2021-21123

https://security.alpinelinux.org/vuln/CVE-2021-21126

https://security.alpinelinux.org/vuln/CVE-2021-21127

https://security.alpinelinux.org/vuln/CVE-2021-21128

https://security.alpinelinux.org/vuln/CVE-2021-21132

https://security.alpinelinux.org/vuln/CVE-2021-21135

https://security.alpinelinux.org/vuln/CVE-2021-21137

https://security.alpinelinux.org/vuln/CVE-2021-21138

https://security.alpinelinux.org/vuln/CVE-2021-21140

https://security.alpinelinux.org/vuln/CVE-2021-21145

https://security.alpinelinux.org/vuln/CVE-2021-21146

https://security.alpinelinux.org/vuln/CVE-2021-21147

https://security.alpinelinux.org/vuln/CVE-2021-21148

https://security.alpinelinux.org/vuln/CVE-2021-21149

https://security.alpinelinux.org/vuln/CVE-2021-21150

https://security.alpinelinux.org/vuln/CVE-2021-21152

https://security.alpinelinux.org/vuln/CVE-2021-21153

https://security.alpinelinux.org/vuln/CVE-2021-21156

https://security.alpinelinux.org/vuln/CVE-2021-21157

https://security.alpinelinux.org/vuln/CVE-2021-21160

https://security.alpinelinux.org/vuln/CVE-2021-21162

https://security.alpinelinux.org/vuln/CVE-2021-21165

https://security.alpinelinux.org/vuln/CVE-2021-21166

https://security.alpinelinux.org/vuln/CVE-2021-21168

https://security.alpinelinux.org/vuln/CVE-2021-21169

https://security.alpinelinux.org/vuln/CVE-2021-21171

https://security.alpinelinux.org/vuln/CVE-2021-21172

https://security.alpinelinux.org/vuln/CVE-2021-21173

https://security.alpinelinux.org/vuln/CVE-2021-21174

https://security.alpinelinux.org/vuln/CVE-2021-21175

https://security.alpinelinux.org/vuln/CVE-2021-21178

https://security.alpinelinux.org/vuln/CVE-2021-21179

https://security.alpinelinux.org/vuln/CVE-2021-21183

https://security.alpinelinux.org/vuln/CVE-2021-21187

https://security.alpinelinux.org/vuln/CVE-2021-21188

https://security.alpinelinux.org/vuln/CVE-2021-21190

https://security.alpinelinux.org/vuln/CVE-2021-21191

https://security.alpinelinux.org/vuln/CVE-2021-21193

https://security.alpinelinux.org/vuln/CVE-2021-21195

https://security.alpinelinux.org/vuln/CVE-2021-21198

Plugin Details

Severity: Critical

ID: 426380

Version: Revision 1.4

Type: Local

Published: 5/16/2025

Updated: 12/19/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: High

Score: 7.9

Percentile: 99.37

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2020-27844

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-21150

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/5/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2020-16044, CVE-2020-27844, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21132, CVE-2021-21135, CVE-2021-21137, CVE-2021-21138, CVE-2021-21140, CVE-2021-21145, CVE-2021-21146, CVE-2021-21147, CVE-2021-21148, CVE-2021-21149, CVE-2021-21150, CVE-2021-21152, CVE-2021-21153, CVE-2021-21156, CVE-2021-21157, CVE-2021-21160, CVE-2021-21162, CVE-2021-21165, CVE-2021-21166, CVE-2021-21168, CVE-2021-21169, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21178, CVE-2021-21179, CVE-2021-21183, CVE-2021-21187, CVE-2021-21188, CVE-2021-21190, CVE-2021-21191, CVE-2021-21193, CVE-2021-21195, CVE-2021-21198