Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
uzbl: Information disclosure via world-readable cookies storage file | |||||
CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2017-08-16 | 6.8 MEDIUM | N/A |
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | |||||
CVE-2010-0011 | 1 Uzbl | 1 Uzbl | 2017-08-16 | 7.5 HIGH | N/A |
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. |