Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2018/07/30 12:0 a.m.20 views

openSUSE Security Update : qutebrowser (openSUSE-2018-775)

This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

9.3CVSS7.3AI score0.01483EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2018/07/28 3:59 p.m.21 views

Security update for qutebrowser (moderate)

This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968...

1.8AI score0.01483EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.15 views

Fedora 27 : qutebrowser (2018-35325c9faf)

This update fix CVE-2018-10895 0 and a few minor bugs. 0 : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...

9.3CVSS8.4AI score0.01187EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/07/20 12:0 a.m.19 views

Fedora Update for qutebrowser FEDORA-2018-35325c9faf

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.7AI score0.01187EPSS
Exploits0References2
OSV
OSV
added 2018/07/12 12:29 p.m.2 views

UBUNTU-CVE-2018-10895

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution...

9.3CVSS7.5AI score0.01187EPSS
Exploits0References4
CVE
CVE
added 2018/07/12 12:0 p.m.94 views

CVE-2018-10895

The CVE-2018-10895 issue affects qutebrowser prior to 1.4.1. A CSRF flaw lets a malicious site access qute:// URLs, enabling it to load qute://settings/set and override editor.command with a bash script, leading to arbitrary code execution. Public advisories in multiple OSS channels (e.g., Fedora...

9.3CVSS8.6AI score0.01187EPSS
Exploits0References3Affected Software1
ArchLinux
ArchLinux
added 2018/07/11 12:0 a.m.21 views

[ASA-201807-3] qutebrowser: arbitrary code execution

Arch Linux Security Advisory ASA-201807-3 ========================================= Severity: Critical Date : 2018-07-11 CVE-ID : CVE-2018-10895 Package : qutebrowser Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-735 Summary ======= The package qutebrowser...

9.3CVSS3.1AI score0.01187EPSS
Exploits0References4
Rows per page
Query Builder