7 matches found
openSUSE Security Update : qutebrowser (openSUSE-2018-775)
This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Security update for qutebrowser (moderate)
This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968...
Fedora 27 : qutebrowser (2018-35325c9faf)
This update fix CVE-2018-10895 0 and a few minor bugs. 0 : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...
Fedora Update for qutebrowser FEDORA-2018-35325c9faf
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution...
CVE-2018-10895
The CVE-2018-10895 issue affects qutebrowser prior to 1.4.1. A CSRF flaw lets a malicious site access qute:// URLs, enabling it to load qute://settings/set and override editor.command with a bash script, leading to arbitrary code execution. Public advisories in multiple OSS channels (e.g., Fedora...
[ASA-201807-3] qutebrowser: arbitrary code execution
Arch Linux Security Advisory ASA-201807-3 ========================================= Severity: Critical Date : 2018-07-11 CVE-ID : CVE-2018-10895 Package : qutebrowser Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-735 Summary ======= The package qutebrowser...