Vendor
Uzbl
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-2809 | 0.03 | — | 0.06 | Aug 19, 2010 | The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | ||
| CVE-2012-0843 | 0.00 | — | 0.00 | Nov 19, 2019 | uzbl: Information disclosure via world-readable cookies storage file | ||
| CVE-2010-0011 | 0.00 | — | 0.01 | Feb 25, 2010 | The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. |
- CVE-2010-2809Aug 19, 2010risk 0.03cvss —epss 0.06
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
- CVE-2012-0843Nov 19, 2019risk 0.00cvss —epss 0.00
uzbl: Information disclosure via world-readable cookies storage file
- CVE-2010-0011Feb 25, 2010risk 0.00cvss —epss 0.01
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.