Lucene search
+L

100 matches found

Prion
Prion
added 2020/05/07 9:15 p.m.14 views

Code injection

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

4.3CVSS3.7AI score0.01282EPSS
Exploits0References16Affected Software2
OSV
OSV
added 2020/05/07 9:15 p.m.2 views

UBUNTU-CVE-2020-11054

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

3.5CVSS5.7AI score0.01282EPSS
Exploits0References16
OSV
OSV
added 2020/05/07 9:15 p.m.26 views

PYSEC-2020-97

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

4.3CVSS2AI score0.01282EPSS
Exploits0References16
Cvelist
Cvelist
added 2020/05/07 8:35 p.m.51 views

CVE-2020-11054 Incorrect Provision of Specified Functionality in qutebrowser

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

3.5CVSS3.5AI score0.01282EPSS
Exploits0References16
CVE
CVE
added 2020/05/07 8:35 p.m.123 views

CVE-2020-11054

This CVE affects qutebrowser prior to version 1.11.1. The issue is a UI/color-state bug: after a user overrides a certificate error, the status bar can briefly show green where yellow is appropriate, and on reloading the affected site the URL again shows green instead of reflecting the warning. T...

4.3CVSS3.5AI score0.01282EPSS
Exploits0References16Affected Software1
Debian CVE
Debian CVE
added 2020/05/07 8:35 p.m.63 views

CVE-2020-11054

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

4.3CVSS4.2AI score0.01282EPSS
Exploits0
ArchLinux
ArchLinux
added 2020/05/07 12:0 a.m.45 views

[ASA-202005-5] qutebrowser: certificate verification bypass

Arch Linux Security Advisory ASA-202005-5 ========================================= Severity: Low Date : 2020-05-07 CVE-ID : CVE-2020-11054 Package : qutebrowser Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-1152 Summary ======= The package...

4.3CVSS0.4AI score0.01282EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2020/05/02 12:0 a.m.39 views

qutebrowser -- Reloading page with certificate errors shows a green URL

Qutebrowser developers report: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green colors.statusbar.url.successhttps...

4.3CVSS1.9AI score0.01282EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.24 views

openSUSE Security Update : qutebrowser (openSUSE-2019-545)

This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

9.3CVSS7.3AI score0.01483EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.26 views

Fedora 28 : qutebrowser (2018-61dbd4a787)

This update fix CVE-2018-10895 0 and a few minor bugs. 0 : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...

9.3CVSS8.4AI score0.01187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.9 views

Fedora 28 : qutebrowser (2018-5c8854a808)

This update fixes an XSS vulnerability on the qute://history page :history. The vulnerability allowed websites to inject HTML into the page via a crafted title tag. This could allow them to steal your browsing history. It also ships some minor fixes not worth mentioning. ---- Add a few minor...

5.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.21 views

openSUSE: Security Advisory for qutebrowser (openSUSE-SU-2018:2120-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS7.5AI score0.01483EPSS
Exploits1References2
OSV
OSV
added 2018/10/10 4:5 p.m.14 views

GHSA-WGMX-52PH-QQCW Qutebrowser CSRF Vulnerability

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute:// URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution...

8.8CVSS9AI score0.01187EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/10/10 4:5 p.m.20 views

Qutebrowser CSRF Vulnerability

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute:// URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution...

9.3CVSS8.7AI score0.01187EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/09/13 3:47 p.m.14 views

GHSA-M4FW-77V7-924M Qutebrowser XSS Vulnerability

qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...

6.1CVSS6AI score0.01483EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2018/09/13 3:47 p.m.26 views

Qutebrowser XSS Vulnerability

qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...

6.1CVSS5.8AI score0.01483EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/07/30 12:0 a.m.24 views

openSUSE Security Update : qutebrowser (openSUSE-2018-774)

This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

6.1CVSS6.6AI score0.01483EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/07/30 12:0 a.m.21 views

openSUSE Security Update : qutebrowser (openSUSE-2018-775)

This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

9.3CVSS7.3AI score0.01483EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2018/07/29 12:0 a.m.14 views

openSUSE: Security Advisory for qutebrowser (openSUSE-SU-2018:2130-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.6AI score0.01483EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/07/28 4:4 p.m.30 views

Security update for qutebrowser (moderate)

This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507...

1.7AI score0.01483EPSS
Exploits1References1
Rows per page
Query Builder