GNOME Foundation

The GNOME Foundation is a non-profit organization based in Orinda, California, United States, which works to coordinate the efforts in the GNOME project. The GNOME Foundation works to further the goal of the GNOME project: to create a computing platform for use by the general public that is composed entirely of free software.

Founded: 2000
Products: 108
CVEs: 407
Across products: 325
Status: Private

Recent CVEs

  • CVE-2017-2885 | Critical | Apr 24, 2018
    risk 0.66 | cvss 9.8 | epss 0.24

    An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this…

  • CVE-2018-16428 | Critical | Sep 4, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

  • CVE-2018-12910 | Critical | Jul 5, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

  • CVE-2018-12422 | Critical | Jun 15, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code…

  • CVE-2017-16931 | Critical | Nov 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

  • CVE-2017-1000044 | Critical | Jul 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating the framebuffer, which may lead to memory corruption when rendering.

  • CVE-2017-5885 | Critical | Feb 28, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a…

  • CVE-2016-4616 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4615 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4614 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4610 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4609 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4607 | Critical | Jul 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2005-0102 | Critical | Jan 24, 2005
    risk 0.64 | cvss 9.8 | epss 0.03

    Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

  • CVE-2017-8872 | Critical | May 10, 2017
    risk 0.59 | cvss 9.1 | epss 0.02

    The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

  • CVE-2017-1000083 | High | Sep 5, 2017
    risk 0.58 | cvss 7.8 | epss 0.50

    backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a…

  • CVE-2018-16430 | High | Sep 4, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

  • CVE-2016-10727 | Critical | Jul 20, 2018
    risk 0.57 | cvss 9.8 | epss 0.03

    camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers…

  • CVE-2018-10112 | High | Apr 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file…

  • CVE-2017-1000422 | High | Jan 2, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    GNOME gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function, resulting in memory corruption and potential code execution.