Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-20011
libgrss up to and including 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote malicious users to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Gnome Libgrss
8.1
CVSSv3
CVE-2021-33516
An issue exists in GUPnP prior to 1.0.7 and 1.1.x and 1.2.x prior to 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending o...
Gnome Gupnp
8.6
CVSSv3
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions prior to 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most like...
Xmlsoft Libxml2
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp E-series Santricity Storage Manager -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Snapdrive -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp Manageability Software Development Kit -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Netapp Hci H410c Firmware -
8.8
CVSSv3
CVE-2021-3518
There's a flaw in libxml2 in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...
Xmlsoft Libxml2
Debian Debian Linux 9.0
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Snapdrive -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Hci H410c Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Mysql Workbench
Oracle Real User Experience Insight 13.4.1.0
Oracle Real User Experience Insight 13.5.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
5.9
CVSSv3
CVE-2021-3537
A vulnerability found in libxml2 in versions prior to 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applic...
Xmlsoft Libxml2
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Snapdrive -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Hci H410c Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Openjdk 8
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Mysql Workbench
Oracle Real User Experience Insight 13.4.1.0
3.9
CVSSv3
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller up to and including 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue e...
Gnome File-roller
Fedoraproject Fedora 34
5.5
CVSSv3
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar prior to 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists...
Gnome Gnome-autoar
Fedoraproject Fedora 34
5.3
CVSSv3
CVE-2021-28153
An issue exists in GNOME GLib prior to 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevanc...
Gnome Glib
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Broadcom Brocade Fabric Operating System Firmware -
7.5
CVSSv3
CVE-2021-27218
An issue exists in GNOME GLib prior to 2.66.7 and 2.67.x prior to 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Gnome Glib
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Active Iq Unified Manager -
Netapp E-series Performance Analyzer -
Broadcom Brocade Fabric Operating System Firmware -
7.5
CVSSv3
CVE-2021-27219
An issue exists in GNOME GLib prior to 2.66.6 and 2.67.x prior to 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Gnome Glib
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Active Iq Unified Manager -
Netapp E-series Performance Analyzer -
Broadcom Brocade Fabric Operating System Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »