Vulnerabilities > Gnome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-16 | CVE-2021-45087 | Cross-site Scripting vulnerability in multiple products XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | 4.3 |
| 2021-12-16 | CVE-2021-45088 | Cross-site Scripting vulnerability in multiple products XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | 4.3 |
| 2021-08-22 | CVE-2021-39365 | Improper Certificate Validation vulnerability in multiple products In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. | 4.3 |
| 2021-08-22 | CVE-2021-39358 | Improper Certificate Validation vulnerability in multiple products In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39359 | Improper Certificate Validation vulnerability in multiple products In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39360 | Improper Certificate Validation vulnerability in multiple products In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39361 | Improper Certificate Validation vulnerability in Gnome Evolution-Rss In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 4.3 |
| 2021-07-19 | CVE-2020-36427 | Unspecified vulnerability in Gnome Gthumb GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. network gnome | 4.3 |
| 2021-05-26 | CVE-2009-3721 | Path Traversal vulnerability in multiple products Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. | 6.8 |
| 2021-05-25 | CVE-2016-20011 | Improper Certificate Validation vulnerability in Gnome Libgrss libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. | 5.0 |