GNOME Epiphany 3.35.1

CPE Details

GNOME Epiphany 3.35.1
gnome
epiphany
3.35.1
2019-10-23
10h27 +00:00
2019-10-23
10h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:epiphany:3.35.1:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

epiphany

Version

3.35.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26081 2023-02-20 00h00 +00:00 In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
7.5
High
CVE-2022-29536 2022-04-20 20h37 +00:00 In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
7.5
High
CVE-2021-45086 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
6.1
Medium
CVE-2021-45087 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
6.1
Medium
CVE-2021-45088 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
6.1
Medium
CVE-2021-45085 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
6.1
Medium
CVE-2005-0238 2005-02-07 04h00 +00:00 The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.