CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3312
https://notcve.org/view.php?id=CVE-2010-3312
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. Epiphany v2.28 y v2.29, cuando WebKit y LibSoup se usan, incondicionalmente muestra un icono closed-lock (candado cerrado) para cualquier URL que empiece por https, sin adverntencia al usuario, lo que permite a atacantes "man-in-the-middle" manipular sitios https de su elección a través de certificados de servidores X.509 manipulados. • http://blog.fefe.de/?ts=b26ca29d http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564690 http://bugzilla-attachments.gnome.org/attachment.cgi?id=154330 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://www.openwall.com/lists/oss-security/2010/09/17/10 http://www.openwall.com/lists/oss-security/2010/09/17/12 http://www.openwall.co •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5985
https://notcve.org/view.php?id=CVE-2008-5985
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Vulnerabilidad de búsqueda de ruta no confiable en el interfaz Python en Epiphany v2.22.3 y posiblemente otras versiones, permite a usuarios locales la ejecución de código de su elección a través de un archivo Python con un caballo de Troya en el directorio actual de trabajo, relacionado con la vulnerabilidad en la función PySys_SetArgv (CVE-2008-5983). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363 http://secunia.com/advisories/34187 http://www.gentoo.org/security/en/glsa/glsa-200903-16.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:048 http://www.openwall.com/lists/oss-security/2009/01/26/2 http://www.securityfocus.com/bid/33441 https://bugzilla.redhat.com/show_bug.cgi?id=481548 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 3CVE-2005-0238
https://notcve.org/view.php?id=CVE-2005-0238
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://www.securityfocus.com/bid/12461 http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 •