rpm package
opensuse/qutebrowser&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qutebrowser&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4863 | — | | KEV | < 3.0.2-1.1 | 3.0.2-1.1 | Sep 12, 2023 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2022-25255 | — | | | < 2.5.0-1.1 | 2.5.0-1.1 | Feb 16, 2022 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. |
| CVE-2020-11054 | — | | | < 2.3.1-2.1 | 2.3.1-2.1 | May 7, 2020 | In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently l |
| CVE-2018-10895 | — | | | < 2.3.1-2.1 | 2.3.1-2.1 | Jul 12, 2018 | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrar |
| CVE-2018-1000559 | — | | | < 2.3.1-2.1 | 2.3.1-2.1 | Jun 26, 2018 | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This |