Filtered by vendor Gnome
Subscribe
Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20240 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-33516 | 1 Gnome | 1 Gupnp | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | |||||
CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | |||||
CVE-2021-27219 | 5 Broadcom, Debian, Fedoraproject and 2 more | 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | |||||
CVE-2021-27218 | 5 Broadcom, Debian, Fedoraproject and 2 more | 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | |||||
CVE-2019-20326 | 3 Debian, Gnome, Linuxmint | 3 Debian Linux, Gthumb, Pix | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | |||||
CVE-2020-12825 | 1 Gnome | 1 Libcroco | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | |||||
CVE-2020-16118 | 2 Gnome, Opensuse | 3 Balsa, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | |||||
CVE-2013-4166 | 2 Gnome, Redhat | 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | |||||
CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |||||
CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2023-12-10 | 4.3 MEDIUM | 7.3 HIGH |
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
CVE-2012-5535 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-system-log | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
gnome-system-log polkit policy allows arbitrary files on the system to be read | |||||
CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
Orca has arbitrary code execution due to insecure Python module load | |||||
CVE-2019-3890 | 2 Gnome, Redhat | 2 Evolution-ews, Enterprise Linux | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. | |||||
CVE-2019-11461 | 1 Gnome | 1 Nautilus | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
CVE-2019-13012 | 1 Gnome | 1 Glib | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. | |||||
CVE-2017-12447 | 2 Canonical, Gnome | 3 Ubuntu Linux, Gdk-pixbuf, Nautilus | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | |||||
CVE-2019-12795 | 1 Gnome | 1 Gvfs | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) | |||||
CVE-2019-12448 | 1 Gnome | 1 Gvfs | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | |||||
CVE-2019-12447 | 4 Canonical, Fedoraproject, Gnome and 1 more | 4 Ubuntu Linux, Fedora, Gvfs and 1 more | 2023-12-10 | 4.9 MEDIUM | 7.3 HIGH |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |