Skip to main content

Shotwell

2 CVEs product

Monthly

CVE-2017-1000024 HIGH This Week

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shotwell
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-1000033 LOW Monitor

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Shotwell Enterprise Linux
NVD
CVSS 3.1
3.7
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shotwell
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Shotwell Enterprise Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy