Filtered by vendor Gnome
Total: 312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-29499 | 1 Gnome | 1 Glib | 2023-12-10 | N/A | 7.5 HIGH |
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | |||||
CVE-2023-32665 | 1 Gnome | 1 Glib | 2023-12-10 | N/A | 5.5 MEDIUM |
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2023-12-10 | N/A | 7.5 HIGH |
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
CVE-2021-42522 | 1 Gnome | 1 Anjuta | 2023-12-10 | N/A | 7.5 HIGH |
There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. | |||||
CVE-2022-37290 | 2 Fedoraproject, Gnome | 2 Fedora, Nautilus | 2023-12-10 | N/A | 5.5 MEDIUM |
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | |||||
CVE-2021-46829 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | N/A | 7.8 HIGH |
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | |||||
CVE-2021-3800 | 3 Debian, Gnome, Netapp | 3 Debian Linux, Glib, Active Iq Unified Manager | 2023-12-10 | N/A | 5.5 MEDIUM |
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | |||||
CVE-2022-29536 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Epiphany | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | |||||
CVE-2021-20315 | 2 Centos, Gnome | 2 Stream, Gnome-shell | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. | |||||
CVE-2022-27811 | 1 Gnome | 1 Ocrfeeder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | |||||
CVE-2021-3567 | 1 Gnome | 1 Caribou | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in Caribou due to a regression of the CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-3982 | 1 Gnome | 1 Gnome-shell | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. | |||||
CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. | |||||
CVE-2021-44648 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdkpixbuf | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the LZW compressed stream of image data in GIF files with an LZW minimum code size equal to 12. | |||||
CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | |||||
CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | |||||
CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||
CVE-2020-36314 | 2 Fedoraproject, Gnome | 2 Fedora, File-roller | 2023-12-10 | 2.6 LOW | 3.9 LOW |
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | |||||
CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-39361 | 1 Gnome | 1 Evolution-rss | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |