Filtered by vendor Gnome
Subscribe
Total
312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10754 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. | |||||
CVE-2020-13645 | 5 Broadcom, Canonical, Fedoraproject and 2 more | 6 Fabric Operating System, Ubuntu Linux, Fedora and 3 more | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. | |||||
CVE-2020-12825 | 1 Gnome | 1 Libcroco | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | |||||
CVE-2020-11879 | 1 Gnome | 1 Evolution | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. | |||||
CVE-2020-16117 | 2 Debian, Gnome | 2 Debian Linux, Evolution-data-server | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. | |||||
CVE-2020-16118 | 2 Gnome, Opensuse | 3 Balsa, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | |||||
CVE-2020-24661 | 2 Fedoraproject, Gnome | 2 Fedora, Geary | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. | |||||
CVE-2020-11736 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, File-roller | 2023-12-10 | 3.3 LOW | 3.9 LOW |
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
CVE-2020-17489 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Gnome-shell and 1 more | 2023-12-10 | 1.9 LOW | 4.3 MEDIUM |
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | |||||
CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | |||||
CVE-2013-4166 | 2 Gnome, Redhat | 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | |||||
CVE-2019-19451 | 3 Fedoraproject, Gnome, Opensuse | 3 Fedora, Dia, Leap | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | |||||
CVE-2019-19308 | 1 Gnome | 1 Gnome-font-viewer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). | |||||
CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |||||
CVE-2019-16680 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, File-roller and 1 more | 2023-12-10 | 2.6 LOW | 4.3 MEDIUM |
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | |||||
CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2023-12-10 | 2.1 LOW | 2.4 LOW |
gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
evince is missing a check on number of pages which can lead to a segmentation fault | |||||
CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
CVE-2019-20446 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||||
CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2023-12-10 | 4.3 MEDIUM | 7.3 HIGH |
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. |