CVE-2023-26081
Published 2023-02-20
CVE-2023-26081: In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
Priority: P339, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.23% (65.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | epiphany-browser | < epiphany-browser 43.1-1 (bookworm) | epiphany-browser 43.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| gnome | epiphany | < 43.1 | 43.1 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
GHSA
GHSA-cw64-pq7m-342r: In Epiphany (aka GNOME Web) through 43
ghsa_unreviewed·2023-02-20
CVE-2023-26081 [HIGH] CWE-668 GHSA-cw64-pq7m-342r: In Epiphany (aka GNOME Web) through 43
OSV
CVE-2023-26081: In Epiphany (aka GNOME Web) through 43
osv·2023-02-20·CVSS 7.5
CVE-2023-26081 [HIGH] CVE-2023-26081: In Epiphany (aka GNOME Web) through 43
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
Siemens SCALANCE XCM-/XRM-300
ICS Advisory
## Siemens SCALANCE XCM-/XRM-300
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Debian
CVE-2023-26081: epiphany-browser - In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users ...
vendor_debian·2023·CVSS 7.5
CVE-2023-26081 [HIGH] CVE-2023-26081: epiphany-browser - In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users ...
Scope: local
bookworm: resolved (fixed in 43.1-1)
bullseye: open
forky: resolved (fixed in 43.1-1)
sid: resolved (fixed in 43.1-1)
trixie: resolved (fixed in 43.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/
Published: 2023-02-20