CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45088 – Debian Security Advisory 5042-1
https://notcve.org/view.php?id=CVE-2021-45088
16 Dec 2021 — XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. Un ataque de tipo XSS puede ocurrir en GNOME Web (también se conoce como Epiphany) versiones anteriores a 40.4 y 41.x versiones anteriores a 41.1 por medio de una página de error Several vulnerabities have been discovered in Epiphany, the GNOME web browser, allowing XSS attacks under certain circumstances. • https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45085 – Debian Security Advisory 5042-1
https://notcve.org/view.php?id=CVE-2021-45085
16 Dec 2021 — XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. Un ataque de tipo XSS puede ocurrir en GNOME Web (también se conoce como Epiphany) versiones anteriores a 40.4 y 41.x versiones anteriores a 41.1, por medio de una página about:, como es demostrado en ephy-about:overview cuando un usuario visita una página de carga útil de tipo XS... • https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3800 – glib2: Possible privilege escalation thourgh pkexec and aliases
https://notcve.org/view.php?id=CVE-2021-3800
10 Nov 2021 — A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. Se ha encontrado un fallo en glib versiones anteriores a 2.63.6. Debido a los alias de conjuntos de caracteres aleatorios, pkexec puede filtrar el contenido de los archivos propiedad de usuarios con privilegios a los que no los presentan bajo la condición apropiada. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 i... • https://access.redhat.com/security/cve/CVE-2021-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39365 – grilo: missing TLS certificate verification
https://notcve.org/view.php?id=CVE-2021-39365
22 Aug 2021 — In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME grilo versiones hasta 0.3.13, grl-net-wc.c no habilita la verificación de certificados TLS en los objetos SoupSessionAsync que crea, dejando a los usuarios vulnerables a ataques MITM de red. NOTA: esto es similar a CVE-2016-20011. Michael Catanzaro reported a problem in Grilo, a ... • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39358 – gfbgraph: missing TLS certificate verification
https://notcve.org/view.php?id=CVE-2021-39358
22 Aug 2021 — In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME libgfbgraph versiones hasta 0.2.4, el archivo gfbgraph-photo.c, no habilita la verificación del certificado TLS en los objetos SoupSessionSync que crea, dejando a usuarios vulnerables a ataques MITM de la red. NOTA: Esto es similar a CVE-2016-20011. An update that f... • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39360 – SUSE Security Advisory - SUSE-SU-2022:3267-1
https://notcve.org/view.php?id=CVE-2021-39360
22 Aug 2021 — In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME libzapojit versiones hasta 0.0.3, el archivo zpj-skydrive.c no habilita la verificación del certificado TLS en los objetos SoupSessionSync que crea, dejando a los usuarios vulnerables a los ataques MITM de la red. NOTA: esto es similar a CVE-2016-20011. An update that ... • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39361
https://notcve.org/view.php?id=CVE-2021-39361
22 Aug 2021 — In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME evolution-rss versiones hasta 0.3.96, el archivo network-soup.c, no habilita la verificación del certificado TLS en los objetos SoupSessionSync que crea, dejando a los usuarios vulnerables a ataques MITM de la red. NOTA: Esto es similar a CVE-2016-20011. • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39359
https://notcve.org/view.php?id=CVE-2021-39359
22 Aug 2021 — In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME libgda versiones hasta 6.0.0, el archivo gda-web-provider.c, no habilita la verificación del certificado TLS en los objetos SoupSessionSync que crea, dejando a usuarios vulnerables a los ataques MITM de la red. NOTA: Esto es similar a CVE-2016-20011. • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3567 – openSUSE Security Advisory - openSUSE-SU-2021:2414-1
https://notcve.org/view.php?id=CVE-2021-3567
20 Jul 2021 — A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en Caribou debido a una regresión de la corrección CVE-2020-25712. Un atacante podría usar este fallo para eludir las aplicaciones de bloqueo de pantalla que aprovechan Caribou como mecanismo de entrada. • https://bugzilla.redhat.com/show_bug.cgi?id=1962836 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36427 – Ubuntu Security Notice USN-5680-1
https://notcve.org/view.php?id=CVE-2020-36427
19 Jul 2021 — GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. GNOME gThumb versiones anteriores a 3.10.1, permite el bloqueo de la aplicación por medio de una imagen JPEG malformada It was discovered that gThumb did not properly managed memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. It wa... • https://download.gnome.org/sources/gthumb/3.10/gthumb-3.10.1.news •