Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 13 results


CVE-2023-26081

Medium priority
Needs evaluation

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-25085

Medium priority
Not affected

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to...

2 affected packages

epiphany-browser, glib2.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Not affected Not affected
glib2.0 Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-29536

Medium priority

Some fixes available 2 of 5

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8...

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Fixed Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-45088

Medium priority
Vulnerable

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Vulnerable Vulnerable Needs evaluation
Show less packages

CVE-2021-45087

Medium priority

Some fixes available 1 of 5

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-45086

Medium priority

Some fixes available 1 of 5

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-45085

Medium priority

Some fixes available 1 of 5

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2018-12016

Medium priority
Vulnerable

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Not affected Vulnerable Needs evaluation
Show less packages

CVE-2018-11396

Medium priority
Vulnerable

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a...

1 affected packages

epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany-browser Not affected Not affected Not affected Vulnerable Needs evaluation
Show less packages

CVE-2017-1000025

Medium priority
Vulnerable

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords...

2 affected packages

epiphany, epiphany-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
epiphany Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
epiphany-browser Not affected Not affected Not affected Not affected Vulnerable
Show less packages