GNOME Epiphany 42.1

CPE Details

GNOME Epiphany 42.1
gnome
epiphany
42.1
2022-04-29
13h49 +00:00
2022-05-02
11h13 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:epiphany:42.1:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

epiphany

Version

42.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26081 2023-02-20 00h00 +00:00 In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
7.5
High
CVE-2022-29536 2022-04-20 20h37 +00:00 In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
7.5
High
CVE-2005-0238 2005-02-07 04h00 +00:00 The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.