Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Filtered by product Epiphany
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11396 1 Gnome 1 Epiphany 2020-08-24 5.0 MEDIUM 7.5 HIGH
ephy-session.c in in GNOME Web (aka Epiphany) through allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted call.
CVE-2019-6251 6 Canonical, Fedoraproject, Gnome and 3 more 6 Ubuntu Linux, Fedora, Epiphany and 3 more 2020-08-24 5.8 MEDIUM 8.1 HIGH
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
CVE-2018-12016 1 Gnome 1 Epiphany 2019-10-03 5.0 MEDIUM 7.5 HIGH in GNOME Web (aka Epiphany) through allows remote attackers to cause a denial of service (application crash) via certain and document.write calls.
CVE-2017-1000025 1 Gnome 1 Epiphany 2017-08-04 5.0 MEDIUM 7.5 HIGH
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
CVE-2005-0238 4 Gnome, Mozilla, Omnigroup and 1 more 6 Epiphany, Camino, Firefox and 3 more 2017-07-11 5.0 MEDIUM N/A
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2010-3312 1 Gnome 1 Epiphany 2011-02-17 5.8 MEDIUM N/A
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
CVE-2008-5985 1 Gnome 1 Epiphany 2009-03-19 6.9 MEDIUM N/A
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).