Количество 5
Количество 5
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...
GHSA-wgmx-52ph-qqcw
Qutebrowser CSRF Vulnerability
openSUSE-SU-2018:2120-1
Security update for qutebrowser
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-10895 qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. | CVSS3: 9.3 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-10895 qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. | CVSS3: 9.3 | 0% Низкий | больше 7 лет назад |
| CVE-2018-10895 qutebrowser before version 1.4.1 is vulnerable to a cross-site request ... | CVSS3: 9.3 | 0% Низкий | больше 7 лет назад |
| GHSA-wgmx-52ph-qqcw Qutebrowser CSRF Vulnerability | CVSS3: 8.8 | 0% Низкий | больше 7 лет назад |
 | openSUSE-SU-2018:2120-1 Security update for qutebrowser | больше 7 лет назад |
Уязвимостей на страницу