Vulnerabilities > Uzbl

DATE CVE VULNERABILITY TITLE RISK
2019-11-19 CVE-2012-0843 Information Exposure vulnerability in multiple products
uzbl: Information disclosure via world-readable cookies storage file
local
low complexity
uzbl debian CWE-200
2.1
2010-08-19 CVE-2010-2809 Code Injection vulnerability in Uzbl 2009.12.22/2010.01.04
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
network
uzbl CWE-94
6.8
2010-02-25 CVE-2010-0011 Permissions, Privileges, and Access Controls vulnerability in Uzbl
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
network
low complexity
uzbl CWE-264
7.5