Filtered by vendor Gnome
Subscribe
Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0010 | 1 Gnome | 1 Gtk | 2022-02-07 | 2.1 LOW | N/A |
| The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | |||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||
| CVE-2021-39365 | 2 Debian, Gnome | 2 Debian Linux, Grilo | 2021-12-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2021-11-02 | 2.1 LOW | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2019-3820 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gnome-shell, Leap | 2021-09-29 | 4.6 MEDIUM | 4.3 MEDIUM |
| It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. | |||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2021-09-27 | 7.5 HIGH | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | |||||
| CVE-2019-20326 | 3 Debian, Gnome, Linuxmint | 3 Debian Linux, Gthumb, Pix | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | |||||
| CVE-2021-39361 | 1 Gnome | 1 Evolution-rss | 2021-08-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2021-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | |||||
| CVE-2019-9633 | 1 Gnome | 1 Glib | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | |||||
| CVE-2010-0421 | 1 Gnome | 1 Pango | 2021-07-14 | 4.3 MEDIUM | N/A |
| Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | |||||
| CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 8 Ubuntu Linux, Pango, Opensuse and 5 more | 2021-07-14 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2018-15120 | 2 Canonical, Gnome | 2 Ubuntu Linux, Pango | 2021-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | |||||
| CVE-2011-0064 | 2 Gnome, Mozilla | 2 Pango, Firefox | 2021-07-14 | 6.8 MEDIUM | N/A |
| The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||
| CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||||
| CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2021-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | |||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2021-06-03 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-33516 | 1 Gnome | 1 Gupnp | 2021-05-28 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | |||||
| CVE-2020-17489 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Gnome-shell and 1 more | 2021-03-26 | 1.9 LOW | 4.3 MEDIUM |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | |||||
| CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2021-03-16 | 2.1 LOW | 7.8 HIGH |
| In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | |||||