Filtered by vendor Gnome
Subscribe
Total
312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0421 | 1 Gnome | 1 Pango | 2021-07-14 | 4.3 MEDIUM | N/A |
| Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | |||||
| CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 8 Ubuntu Linux, Pango, Opensuse and 5 more | 2021-07-14 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||||
| CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2021-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | |||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2021-06-03 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-33516 | 1 Gnome | 1 Gupnp | 2021-05-28 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | |||||
| CVE-2020-17489 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Gnome-shell and 1 more | 2021-03-26 | 1.9 LOW | 4.3 MEDIUM |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | |||||
| CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2021-03-16 | 2.1 LOW | 7.8 HIGH |
| In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | |||||
| CVE-2020-27837 | 1 Gnome | 1 Gnome Display Manager | 2020-12-30 | 4.4 MEDIUM | 6.4 MEDIUM |
| A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | |||||
| CVE-2018-10900 | 2 Debian, Gnome | 2 Debian Linux, Network Manager Vpnc | 2020-12-04 | 7.2 HIGH | 7.8 HIGH |
| Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. | |||||
| CVE-2020-16125 | 1 Gnome | 1 Gnome Display Manager | 2020-11-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. | |||||
| CVE-2019-3827 | 1 Gnome | 1 Gvfs | 2020-10-19 | 3.3 LOW | 7.0 HIGH |
| An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration. | |||||
| CVE-2020-11879 | 1 Gnome | 1 Evolution | 2020-09-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. | |||||
| CVE-2018-11396 | 1 Gnome | 1 Epiphany | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | |||||
| CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | |||||
| CVE-2019-11461 | 1 Gnome | 1 Nautilus | 2020-08-24 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
| CVE-2017-8834 | 2 Gnome, Opensuse | 2 Libcroco, Leap | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | |||||
| CVE-2017-8871 | 2 Gnome, Opensuse | 2 Libcroco, Leap | 2020-08-19 | 7.1 HIGH | 6.5 MEDIUM |
| The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |||||
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2020-08-18 | 3.3 LOW | 4.4 MEDIUM |
| In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
| CVE-2017-14604 | 2 Debian, Gnome | 2 Debian Linux, Nautilus | 2020-08-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. | |||||