VYPR

GNOME Foundation

All CVEs

412 total · sorted by risk
  • CVE-2021-3982 · Apr 29, 2022
    risk 0.00 · cvss · epss 0.00

    Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler…

  • CVE-2022-29536 · Apr 20, 2022
    risk 0.00 · cvss · epss 0.02

    In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

  • CVE-2022-27811 · Mar 24, 2022
    risk 0.00 · cvss · epss 0.03

    GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.

  • CVE-2021-20315 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.00

    A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing…

  • CVE-2021-44648 · Jan 12, 2022
    risk 0.00 · cvss · epss 0.02

    GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW-compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

  • CVE-2021-45086 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

  • CVE-2021-45087 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.

  • CVE-2021-45088 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

  • CVE-2021-45085 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

  • CVE-2021-39365 · Aug 22, 2021
    risk 0.00 · cvss · epss 0.01

    In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • CVE-2021-39358 · Aug 22, 2021
    risk 0.00 · cvss · epss 0.01

    In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • CVE-2021-39360 · Aug 22, 2021
    risk 0.00 · cvss · epss 0.01

    In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • CVE-2021-39361 · Aug 22, 2021
    risk 0.00 · cvss · epss 0.01

    In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • CVE-2021-39359 · Aug 22, 2021
    risk 0.00 · cvss · epss 0.01

    In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • CVE-2020-36427 · Jul 19, 2021
    risk 0.00 · cvss · epss 0.01

    GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.

  • CVE-2021-3516 · Jun 1, 2021
    risk 0.00 · cvss · epss 0.02

    There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

  • CVE-2016-20011 · May 25, 2021
    risk 0.00 · cvss · epss 0.01

    libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.

  • CVE-2021-28650 · Mar 17, 2021
    risk 0.00 · cvss · epss 0.01

    autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists…

  • CVE-2021-28153 · Mar 11, 2021
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security…

  • CVE-2021-27219 · Feb 15, 2021
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

  • CVE-2020-36241 · Feb 5, 2021
    risk 0.00 · cvss · epss 0.01

    autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

  • CVE-2021-3349 · Feb 1, 2021
    risk 0.00 · cvss · epss 0.00

    GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether…

  • CVE-2020-27837 · Dec 28, 2020
    risk 0.00 · cvss · epss 0.00

    A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but…

  • CVE-2020-29385 · Dec 26, 2020
    risk 0.00 · cvss · epss 0.01

    GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign…

  • CVE-2020-35457 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.01

    GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries…

  • CVE-2020-24977 · Sep 3, 2020
    risk 0.00 · cvss · epss 0.04

    GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

  • CVE-2020-17489 · Aug 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time,…

  • CVE-2020-16117 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.02

    In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

  • CVE-2020-16118 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.02

    In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

  • CVE-2020-14928 · Jul 17, 2020
    risk 0.00 · cvss · epss 0.03

    evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

  • CVE-2020-13645 · May 28, 2020
    risk 0.00 · cvss · epss 0.02

    In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the…

  • CVE-2020-12825 · May 12, 2020
    risk 0.00 · cvss · epss 0.02

    libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

  • CVE-2020-11879 · Apr 17, 2020
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning…

  • CVE-2019-20326 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.02

    A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

  • CVE-2013-4166 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.02

    The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and…

  • CVE-2019-20446 · Feb 2, 2020
    risk 0.00 · cvss · epss 0.02

    In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

  • CVE-2006-7246 · Jan 27, 2020
    risk 0.00 · cvss · epss 0.01

    NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

  • CVE-2019-20388 · Jan 21, 2020
    risk 0.00 · cvss · epss 0.04

    xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

  • CVE-2020-6750 · Jan 9, 2020
    risk 0.00 · cvss · epss 0.02

    GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending…

  • CVE-2019-19956 · Dec 24, 2019
    risk 0.00 · cvss · epss 0.06

    xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

  • CVE-2019-19308 · Nov 27, 2019
    risk 0.00 · cvss · epss 0.01

    In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).

  • CVE-2019-17266 · Oct 6, 2019
    risk 0.00 · cvss · epss 0.03

    libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

  • CVE-2019-1010006 · Jul 15, 2019
    risk 0.00 · cvss · epss 0.02

    Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism…

  • CVE-2019-13012 · Jun 28, 2019
    risk 0.00 · cvss · epss 0.03

    The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION,…

  • CVE-2019-12795 · Jun 11, 2019
    risk 0.00 · cvss · epss 0.00

    daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note…

  • CVE-2019-12450 · May 29, 2019
    risk 0.00 · cvss · epss 0.03

    file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

  • CVE-2019-12449 · May 29, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

  • CVE-2019-12448 · May 29, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

  • CVE-2019-12447 · May 29, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

  • CVE-2019-11461 · Apr 22, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling…

Page 5 of 9