Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-16 CVE-2021-45087 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
network
gnome debian CWE-79
4.3
2021-12-16 CVE-2021-45088 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
network
gnome debian CWE-79
4.3
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome debian CWE-295
4.3
2021-08-22 CVE-2021-39358 Improper Certificate Validation vulnerability in multiple products
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39359 Improper Certificate Validation vulnerability in multiple products
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39360 Improper Certificate Validation vulnerability in multiple products
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39361 Improper Certificate Validation vulnerability in Gnome Evolution-Rss
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-07-19 CVE-2020-36427 Unspecified vulnerability in Gnome Gthumb
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
network
gnome
4.3
2021-05-26 CVE-2009-3721 Path Traversal vulnerability in multiple products
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF.
6.8
2021-05-25 CVE-2016-20011 Improper Certificate Validation vulnerability in Gnome Libgrss
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection.
network
low complexity
gnome CWE-295
5.0