Lucene search
K
GnomeEpiphany

13 matches found

CVE
CVE
added 2019/01/14 7:0 a.m.249 views

CVE-2019-6251

CVE-2019-6251 affects WebKitGTK and WPE WebKit prior to 2.24.1. The issue is address bar spoofing via certain JavaScript redirections that could cause malicious content to appear as if it were from a trusted URI. Publicly documented references in Debian/Ubuntu/RHEL ecosystems confirm the vulnerab...

8.1CVSS5.8AI score0.04092EPSS
CVE
CVE
added 2018/05/23 1:0 p.m.164 views

CVE-2018-11396

Epiphany (GNOME Web) is affected by CVE-2018-11396 through the component ephy-session.c in libephymain.so, with the vulnerability allowing a remote attacker to crash the application via crafted JavaScript (e.g., window.open triggering a NULL URL). Public sources in connected documents describe a ...

7.5CVSS7.2AI score0.01494EPSS
CVE
CVE
added 2022/04/20 10:37 p.m.135 views

CVE-2022-29536

CVE-2022-29536 affects GNOME Epiphany before 41.4 and 42.x before 42.2. A buffer overflow in the UI process (ephy_string_shorten) can be triggered by a long page title because the UTF-8 ellipsis byte length is not properly accounted for. Impact per referenced advisories is memory corruption/crash...

7.5CVSS7.4AI score0.01952EPSS
CVE
CVE
added 2021/12/16 2:19 a.m.118 views

CVE-2021-45085

CVE-2021-45085 affects GNOME Web (Epiphany) where XSS is possible via an about: page. The issue occurs in Epiphany builds prior to 40.4 and 41.x prior to 41.1 when a user visits an XSS payload page, e.g., ephy-about:overview, which can land a page on the Most Visited list. Public details in conne...

6.1CVSS5.8AI score0.01485EPSS
CVE
CVE
added 2021/12/16 2:19 a.m.110 views

CVE-2021-45087

CVE-2021-45087 affects GNOME Web (Epiphany). The vulnerability arises when using View Source mode or Reader mode, allowing an XSS payload via the page title. Affected component is Epiphany/GNOME Web; root cause is improper handling in those modes leading to script execution. Impact is XSS under t...

6.1CVSS5.9AI score0.01485EPSS
CVE
CVE
added 2021/12/16 2:19 a.m.107 views

CVE-2021-45086

CVE-2021-45086 affects GNOME Web (Epiphany) where a server-provided suggested_filename is used as the pdf_name value in PDF.js, enabling XSS. Affected versions include GNOME Web before 40.4 and 41.x before 41.1; exploitation details and in-the-wild status are not shown in the provided documents. ...

6.1CVSS5.9AI score0.01294EPSS
CVE
CVE
added 2021/12/16 2:19 a.m.102 views

CVE-2021-45088

CVE-2021-45088 is an XSS vulnerability in GNOME Web (Epiphany) exploitable via an error page, affecting Epiphany/GNOME Web up to versions before 40.4 and 41.x before 41.1. Connected sources confirm this CVE as part of multiple GNOME/Epiphany XSS issues and indicate Debian/Mageia advisories with f...

6.1CVSS5.9AI score0.01417EPSS
CVE
CVE
added 2009/01/28 11:0 a.m.85 views

CVE-2008-5985

CVE-2008-5985 affects the Epiphany Python interface (notably Epiphany 2.22.3 and possibly other versions) via an untrusted search path vulnerability. Malicious local users could execute arbitrary code by placing a Trojan horse Python file in the current working directory, related to PySys_SetArgv...

6.9CVSS6.1AI score0.00374EPSS
CVE
CVE
added 2023/02/20 12:0 a.m.80 views

CVE-2023-26081

CVE-2023-26081 affects Epiphany (GNOME Web) up to version 43.0, where autofill can exfiltrate passwords from sandboxed content (e.g., CSP sandbox or iframe). Exploitation would require untrusted web content, but attackers could leverage sandbox context to access credentials. Remediation across di...

7.5CVSS7.3AI score0.01228EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.78 views

CVE-2005-0238

CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...

5CVSS6.6AI score0.01552EPSS
CVE
CVE
added 2018/06/07 2:0 p.m.59 views

CVE-2018-12016

CVE-2018-12016 affects GNOME Web (Epiphany) with the vulnerable component libephymain.so in Epiphany up to version 3.28.2.1, enabling remote DoS (application crash) via window.open and document.write calls. Related entries confirm the issue across multiple advisories; Fedora patches were issued (...

7.5CVSS7.2AI score0.01899EPSS
CVE
CVE
added 2010/10/12 9:0 p.m.56 views

CVE-2010-3312

CVE-2010-3312 affects Epiphany (2.28/2.29) when using WebKit and LibSoup, where the UI unconditionally shows a closed-lock icon for any https URL, potentially enabling MITM via a crafted X.509 certificate. Related advisories mention Midori pre-0.2.5 and OpenSUSE/openSUSE libwebkit/WebKitGTK+ vers...

5.8CVSS8.2AI score0.01038EPSS
CVE
CVE
added 2017/07/13 8:0 p.m.55 views

CVE-2017-1000025

CVE-2017-1000025 affects GNOME Web (Epiphany) across multiple versions (3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and earlier). The description specifies a password manager sweep vulnerability that leads to remote exfiltration of stored passwords for a selec...

7.5CVSS7.5AI score0.01385EPSS