qutebrowser 1.1.2

CPE Details

qutebrowser 1.1.2
1.1.2
2019-09-05 15:45 +00:00
2019-09-05 15:45 +00:00

CPE Name: cpe:2.3:a:qutebrowser:qutebrowser:1.1.2:*:*:*:*:*:*:*

Information

Vendor

qutebrowser

Product

qutebrowser

Version

1.1.2

Related CVE

CVE-2021-41146
Published: 2021-10-21 15:35 +00:00
Score: 8.8
Severity: High
Description: qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known.

CVE-2020-11054
Published: 2020-05-07 18:35 +00:00
Score: 3.5
Severity: Low
Description: In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned.

CVE-2018-10895
Published: 2018-07-12 10:00 +00:00
Score: 9.3
Severity: Critical
Description: qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.

CVE-2018-1000559
Published: 2018-06-26 14:00 +00:00
Score: 6.1
Severity: Medium
Description: qutebrowser, starting with v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449), contains a Cross Site Scripting (XSS) vulnerability in the history command's qute://history page: via injected JavaScript code, a website can steal the user's browsing history. This attack appears to be exploitable when the victim opens a page with a specially crafted attribute and then opens the qute://history site via the :history command. This vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).

The information displayed on CVE Find comes from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The catalogue of actively exploited vulnerabilities (KEV) comes from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Finally, data on software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on software and hardware configurations (CPE) comes from the NVD.