Search for packages
Package details: pkg:deb/debian/epiphany-browser@2.30.6-1
purl pkg:deb/debian/epiphany-browser@2.30.6-1
Next non-vulnerable version 48.3-2
Latest non-vulnerable version 48.3-2
Risk 4.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-2316-kp7u-aaag
Aliases:
CVE-2017-1000025
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
3.22.7-1
Affected by 9 other vulnerabilities.
VCID-869c-shsa-aaad
Aliases:
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-gex6-76gc-aaag
Aliases:
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-hg6a-nnf7-aaan
Aliases:
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-kr21-knq3-aaaf
Aliases:
CVE-2019-25085
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qccg-re6f-aaaf
Aliases:
CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-v3v3-16gd-aaas
Aliases:
CVE-2023-26081
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
43.1-1
Affected by 1 other vulnerability.
VCID-wdyq-k3mq-aaah
Aliases:
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-xmbp-1n9r-aaab
Aliases:
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-zk2g-37wy-aaah
Aliases:
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-c7cz-hxp3-aaaq Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. CVE-2010-3312

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:13:55.479910+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T19:06:46.922702+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:35:10.229008+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:19:58.454108+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:49:35.707729+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:00:28.654714+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:28:53.898649+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:21:30.971483+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:41:57.909509+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:02:11.917532+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:51:20.668714+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:43:15.169445+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:30:04.553917+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:13:10.862877+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.3
2025-06-21T07:03:12.760700+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.3
2025-06-21T04:42:58.761228+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.3
2025-06-21T00:53:33.128884+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.3
2025-06-21T00:34:17.823531+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.3
2025-06-21T00:32:42.981857+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.3
2025-06-21T00:22:02.781326+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.3
2025-06-20T23:56:19.130340+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq None 36.1.3
2025-06-20T21:54:28.854214+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.3
2025-06-20T21:33:18.666943+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.3
2025-06-20T20:43:48.618688+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.3
2025-06-08T13:08:06.911470+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:04:22.366313+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:17:35.046158+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:28.864629+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:42:44.007473+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:35:52.363552+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:05:32.090922+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:50:54.597507+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:22:32.068112+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:45:31.745020+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:14:46.565226+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:07:40.498803+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:36:04.916299+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:55:34.021520+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:44:44.391300+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:01.464550+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:50:34.275798+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:54:28.853294+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.0
2025-06-08T00:42:56.917834+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.0
2025-06-07T22:19:54.952136+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.0
2025-06-07T18:15:54.586798+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.0
2025-06-07T17:56:55.865482+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.0
2025-06-07T17:55:21.517242+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.0
2025-06-07T17:44:56.276809+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.0
2025-06-07T17:19:14.048107+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq None 36.1.0
2025-06-07T15:17:51.934909+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.0
2025-06-07T14:55:52.210686+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.0
2025-06-07T14:15:41.732650+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.0
2025-04-12T21:03:25.705394+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:43:27.560526+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:55:44.942518+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:51:51.924777+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:03:24.541700+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:13.357534+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:27:32.129026+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:22.879806+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:48:50.788077+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:33:13.991927+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:03:32.787514+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:17:51.559827+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:46:46.097329+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:39:29.233349+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:07:31.669161+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:28:00.376754+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:17:14.804046+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:00.583719+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:21:43.088854+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T00:26:07.387584+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.0.0
2025-04-07T23:15:14.366047+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.0.0
2025-04-07T20:51:26.686066+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.0.0
2025-04-07T16:53:22.941193+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.0.0
2025-04-07T16:33:48.213913+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.0.0
2025-04-07T16:32:10.080957+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.0.0
2025-04-07T16:21:08.381808+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.0.0
2025-04-07T15:53:11.843110+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq None 36.0.0
2025-04-07T13:49:21.453830+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.0.0
2025-04-07T13:27:50.268824+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.0.0
2025-04-07T12:48:39.122111+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.0.0
2024-11-27T20:46:45.339766+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:54:42.743990+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:30:42.414500+00:00 Debian Oval Importer Fixing VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1