Vendor CVEs
GNOME Foundation
All CVEs
412 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3982 | 0.00 | — | 0.00 | Apr 29, 2022 | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler… | |||
| CVE-2022-29536 | 0.00 | — | 0.02 | Apr 20, 2022 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | |||
| CVE-2022-27811 | 0.00 | — | 0.03 | Mar 24, 2022 | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | |||
| CVE-2021-20315 | 0.00 | — | 0.00 | Feb 18, 2022 | A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing… | |||
| CVE-2021-44648 | 0.00 | — | 0.02 | Jan 12, 2022 | GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | |||
| CVE-2021-45086 | 0.00 | — | 0.01 | Dec 16, 2021 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||
| CVE-2021-45087 | 0.00 | — | 0.01 | Dec 16, 2021 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. | |||
| CVE-2021-45088 | 0.00 | — | 0.01 | Dec 16, 2021 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | |||
| CVE-2021-45085 | 0.00 | — | 0.01 | Dec 16, 2021 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | |||
| CVE-2021-39365 | 0.00 | — | 0.01 | Aug 22, 2021 | In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||
| CVE-2021-39358 | 0.00 | — | 0.01 | Aug 22, 2021 | In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||
| CVE-2021-39360 | 0.00 | — | 0.01 | Aug 22, 2021 | In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||
| CVE-2021-39361 | 0.00 | — | 0.01 | Aug 22, 2021 | In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||
| CVE-2021-39359 | 0.00 | — | 0.01 | Aug 22, 2021 | In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | |||
| CVE-2020-36427 | 0.00 | — | 0.01 | Jul 19, 2021 | GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | |||
| CVE-2021-3516 | 0.00 | — | 0.02 | Jun 1, 2021 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | |||
| CVE-2016-20011 | 0.00 | — | 0.01 | May 25, 2021 | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||
| CVE-2021-28650 | 0.00 | — | 0.01 | Mar 17, 2021 | autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists… | |||
| CVE-2021-28153 | 0.00 | — | 0.03 | Mar 11, 2021 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security… | |||
| CVE-2021-27219 | 0.00 | — | 0.03 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | |||
| CVE-2020-36241 | 0.00 | — | 0.01 | Feb 5, 2021 | autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||
| CVE-2021-3349 | 0.00 | — | 0.00 | Feb 1, 2021 | GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether… | |||
| CVE-2020-27837 | 0.00 | — | 0.00 | Dec 28, 2020 | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but… | |||
| CVE-2020-29385 | 0.00 | — | 0.01 | Dec 26, 2020 | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign… | |||
| CVE-2020-35457 | 0.00 | — | 0.01 | Dec 14, 2020 | GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries… | |||
| CVE-2020-24977 | 0.00 | — | 0.04 | Sep 3, 2020 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | |||
| CVE-2020-17489 | 0.00 | — | 0.01 | Aug 11, 2020 | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time,… | |||
| CVE-2020-16117 | 0.00 | — | 0.02 | Jul 29, 2020 | In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. | |||
| CVE-2020-16118 | 0.00 | — | 0.02 | Jul 29, 2020 | In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | |||
| CVE-2020-14928 | 0.00 | — | 0.03 | Jul 17, 2020 | evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." | |||
| CVE-2020-13645 | 0.00 | — | 0.02 | May 28, 2020 | In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the… | |||
| CVE-2020-12825 | 0.00 | — | 0.02 | May 12, 2020 | libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | |||
| CVE-2020-11879 | 0.00 | — | 0.03 | Apr 17, 2020 | An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning… | |||
| CVE-2019-20326 | 0.00 | — | 0.02 | Mar 16, 2020 | A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | |||
| CVE-2013-4166 | 0.00 | — | 0.02 | Feb 6, 2020 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and… | |||
| CVE-2019-20446 | 0.00 | — | 0.02 | Feb 2, 2020 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||
| CVE-2006-7246 | 0.00 | — | 0.01 | Jan 27, 2020 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||
| CVE-2019-20388 | 0.00 | — | 0.04 | Jan 21, 2020 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||
| CVE-2020-6750 | 0.00 | — | 0.02 | Jan 9, 2020 | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending… | |||
| CVE-2019-19956 | 0.00 | — | 0.06 | Dec 24, 2019 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | |||
| CVE-2019-19308 | 0.00 | — | 0.01 | Nov 27, 2019 | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). | |||
| CVE-2019-17266 | 0.00 | — | 0.03 | Oct 6, 2019 | libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. | |||
| CVE-2019-1010006 | 0.00 | — | 0.02 | Jul 15, 2019 | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism… | |||
| CVE-2019-13012 | 0.00 | — | 0.03 | Jun 28, 2019 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION,… | |||
| CVE-2019-12795 | 0.00 | — | 0.00 | Jun 11, 2019 | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note… | |||
| CVE-2019-12450 | 0.00 | — | 0.03 | May 29, 2019 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | |||
| CVE-2019-12449 | 0.00 | — | 0.02 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | |||
| CVE-2019-12448 | 0.00 | — | 0.02 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | |||
| CVE-2019-12447 | 0.00 | — | 0.02 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | |||
| CVE-2019-11461 | 0.00 | — | 0.00 | Apr 22, 2019 | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling… |
Page 5 of 9