VulnerableCode Package Details - pkg:deb/debian/epiphany-browser@3.4.2-2.1

Search for packages

Package details: pkg:deb/debian/epiphany-browser@3.4.2-2.1

Essentials
History (9)

purl	pkg:deb/debian/epiphany-browser@3.4.2-2.1

Next non-vulnerable version	48.3-2
Latest non-vulnerable version	48.3-2
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-56w9-3m3a-dbg3 Aliases: CVE-2017-1000025		3.22.7-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-aexr-t2nm-tkbw Aliases: CVE-2021-45088	XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dfk8-ujvd-gyc3 Aliases: CVE-2019-25085	gvdb: use after free issue was fixed in gvdb_table_write_contents_async()	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q1xj-wvgm-8qde Aliases: CVE-2021-45087	XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qf19-wz15-gbbw Aliases: CVE-2021-45085	XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qh4f-wutm-5qdd Aliases: CVE-2018-11396	ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.	3.32.1.2-3~deb10u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qhqm-svch-g3ax Aliases: CVE-2021-45086	XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r78c-skaz-5uej Aliases: CVE-2018-12016	libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.	3.32.1.2-3~deb10u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s516-n9vv-aqae Aliases: CVE-2022-29536	In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.	3.38.2-1+deb11u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T18:06:47.024211+00:00	Debian Oval Importer	Affected by	VCID-s516-n9vv-aqae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:20:54.455976+00:00	Debian Oval Importer	Affected by	VCID-r78c-skaz-5uej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:17:10.588120+00:00	Debian Oval Importer	Affected by	VCID-aexr-t2nm-tkbw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:11:57.870429+00:00	Debian Oval Importer	Affected by	VCID-56w9-3m3a-dbg3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:06:54.811725+00:00	Debian Oval Importer	Affected by	VCID-dfk8-ujvd-gyc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:04:07.281523+00:00	Debian Oval Importer	Affected by	VCID-qf19-wz15-gbbw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:19:15.570044+00:00	Debian Oval Importer	Affected by	VCID-q1xj-wvgm-8qde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:09:52.367836+00:00	Debian Oval Importer	Affected by	VCID-qhqm-svch-g3ax	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:27:36.811922+00:00	Debian Oval Importer	Affected by	VCID-qh4f-wutm-5qdd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0