Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-16 CVE-2021-45087 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
network
low complexity
gnome debian CWE-79
6.1
2021-12-16 CVE-2021-45088 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
network
low complexity
gnome debian CWE-79
6.1
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome debian CWE-295
5.9
2021-08-22 CVE-2021-39358 Improper Certificate Validation vulnerability in multiple products
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39359 Improper Certificate Validation vulnerability in multiple products
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39360 Improper Certificate Validation vulnerability in multiple products
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39361 Improper Certificate Validation vulnerability in Gnome Evolution-Rss
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome CWE-295
5.9
2021-07-19 CVE-2020-36427 Unspecified vulnerability in Gnome Gthumb
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
local
low complexity
gnome
5.5
2021-05-26 CVE-2021-20297 Improper Input Validation vulnerability in multiple products
A flaw was found in NetworkManager in versions before 1.30.0.
local
low complexity
gnome redhat fedoraproject CWE-20
5.5
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
5.5