Vulmon
epiphany vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-26081
In Epiphany (aka GNOME Web) up to and including 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
Gnome Epiphany
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-29536
In GNOME Epiphany prior to 41.4 and 42.x prior to 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Gnome Epiphany
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) prior to 40.4 and 41.x prior to 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
Gnome Epiphany
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) prior to 40.4 and 41.x prior to 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
Gnome Epiphany
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) prior to 40.4 and 41.x prior to 41.1 via an error page.
Gnome Epiphany
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) prior to 40.4 and 41.x prior to 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
Gnome Epiphany
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2019-9633
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote malicious users to cause a denial of service (g_socket_client_connected_callback mishandling and application...
Gnome Glib 2.59.2
9.8
CVSSv3
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of ser...
Webkitgtk Webkitgtk
Webkitgtk Webkitgtk+
Opensuse Leap 15.0
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 EDB exploit
8.1
CVSSv3
CVE-2019-6251
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
Gnome Epiphany
Wpewebkit Wpe Webkit
Webkitgtk Webkitgtk
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 42.3
Opensuse Leap 15.0
7.5
CVSSv3
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) up to and including 3.28.2.1 allows remote malicious users to cause a denial of service (application crash) via certain window.open and document.write calls.
Gnome Epiphany