Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 312 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29499 1 Gnome 1 Glib 2023-12-10 N/A 7.5 HIGH
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVE-2023-32665 1 Gnome 1 Glib 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-26081 2 Fedoraproject, Gnome 2 Fedora, Epiphany 2023-12-10 N/A 7.5 HIGH
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVE-2021-42522 1 Gnome 1 Anjuta 2023-12-10 N/A 7.5 HIGH
There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.
CVE-2022-37290 2 Fedoraproject, Gnome 2 Fedora, Nautilus 2023-12-10 N/A 5.5 MEDIUM
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
CVE-2021-46829 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2023-12-10 N/A 7.8 HIGH
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
CVE-2021-3800 3 Debian, Gnome, Netapp 3 Debian Linux, Glib, Active Iq Unified Manager 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVE-2022-29536 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Epiphany 2023-12-10 5.0 MEDIUM 7.5 HIGH
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
CVE-2021-20315 2 Centos, Gnome 2 Stream, Gnome-shell 2023-12-10 3.6 LOW 6.1 MEDIUM
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
CVE-2022-27811 1 Gnome 1 Ocrfeeder 2023-12-10 7.5 HIGH 9.8 CRITICAL
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
CVE-2021-3567 1 Gnome 1 Caribou 2023-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.
CVE-2021-3982 1 Gnome 1 Gnome-shell 2023-12-10 2.1 LOW 5.5 MEDIUM
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
CVE-2021-45087 2 Debian, Gnome 2 Debian Linux, Epiphany 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
CVE-2021-44648 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdkpixbuf 2023-12-10 6.8 MEDIUM 8.8 HIGH
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVE-2021-45088 2 Debian, Gnome 2 Debian Linux, Epiphany 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
CVE-2021-45085 2 Debian, Gnome 2 Debian Linux, Epiphany 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
CVE-2021-45086 2 Debian, Gnome 2 Debian Linux, Epiphany 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
CVE-2020-36314 2 Fedoraproject, Gnome 2 Fedora, File-roller 2023-12-10 2.6 LOW 3.9 LOW
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
CVE-2021-20297 3 Fedoraproject, Gnome, Redhat 4 Fedora, Networkmanager, Enterprise Linux and 1 more 2023-12-10 2.1 LOW 5.5 MEDIUM
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
CVE-2021-39361 1 Gnome 1 Evolution-rss 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.