Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome debian CWE-295
4.3
2021-08-22 CVE-2021-39358 Improper Certificate Validation vulnerability in Gnome Libgfbgraph
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-08-22 CVE-2021-39359 Improper Certificate Validation vulnerability in Gnome Libgda
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-08-22 CVE-2021-39360 Improper Certificate Validation vulnerability in Gnome Libzapojit 0.0.1/0.0.2/0.0.3
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-08-22 CVE-2021-39361 Improper Certificate Validation vulnerability in Gnome Evolution-Rss
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-07-19 CVE-2020-36427 Unspecified vulnerability in Gnome Gthumb
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
network
gnome
4.3
2021-05-28 CVE-2021-20240 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A flaw was found in gdk-pixbuf in versions before 2.42.0.
8.3
2021-05-26 CVE-2009-3721 Path Traversal vulnerability in multiple products
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF.
6.8
2021-05-26 CVE-2021-20297 Improper Input Validation vulnerability in multiple products
A flaw was found in NetworkManager in versions before 1.30.0.
local
low complexity
gnome redhat fedoraproject CWE-20
2.1
2021-05-25 CVE-2016-20011 Improper Certificate Validation vulnerability in Gnome Libgrss
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection.
network
low complexity
gnome CWE-295
5.0