Vulnerabilities (CVE)

Vendor filter

Gnome Subscribe


206 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11396 1 Gnome 1 Epiphany 2019-10-16 5.0
ephy-session.c in in GNOME Web (aka Epiphany) through allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted call.
CVE-2019-17266 2 Gnome, Canonical 2 Libsoup, Ubuntu Linux 2019-10-10 7.5
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVE-2019-3890 2 Gnome, Redhat 2 Evolution-ews, Enterprise Linux 2019-10-09 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the...
CVE-2019-3825 3 Gnome, Canonical, Redhat 3 Gnome Display Manager, Ubuntu Linux, Enterprise Linux 2019-10-09 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain...
CVE-2017-12164 1 Gnome 1 Gnome Display Manager 2019-10-09 6.9
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
CVE-2017-6314 1 Gnome 1 Gdk-pixbuf 2019-10-03 4.3
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-17689 16 9folders, Apple, Bloop and 13 more 17 Nine, Mail, Airmail and 14 more 2019-10-03 4.3
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2017-11171 1 Gnome 1 Gnome-session 2019-10-03 4.9
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data...
CVE-2017-8871 1 Gnome 1 Libcroco 2019-10-03 7.1
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2018-10733 3 Gnome, Redhat, Opensuse 6 Libgxps, Ansible Tower, Enterprise Linux Desktop and 3 more 2019-10-03 4.3
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVE-2017-1000024 1 Gnome 1 Shotwell 2019-10-03 5.0
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
CVE-2018-11713 2 Webkitgtk, Gnome 2 Webkitgtk%2b, Libsoup 2019-10-03 4.3
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket...
CVE-2017-1000083 3 Gnome, Debian, Redhat 8 Evince, Debian Linux, Enterprise Linux Desktop and 5 more 2019-10-03 6.8
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line...
CVE-2017-14108 1 Gnome 1 Gedit 2019-10-03 7.1
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
CVE-2018-1000041 2 Gnome, Debian 2 Librsvg, Debian Linux 2019-10-03 4.3
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers...
CVE-2018-12016 1 Gnome 1 Epiphany 2019-10-03 5.0 in GNOME Web (aka Epiphany) through allows remote attackers to cause a denial of service (application crash) via certain and document.write calls.
CVE-2017-7960 1 Gnome 1 Libcroco 2019-10-03 4.3
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
CVE-2018-10900 2 Debian, Gnome 2 Debian Linux, Network Manager Vpnc 2019-10-03 7.2
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing...
CVE-2018-10767 2 Gnome, Redhat 5 Libgxps, Ansible Tower, Enterprise Linux Desktop and 2 more 2019-10-03 4.3
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input...
CVE-2019-12447 4 Gnome, Canonical, Fedoraproject and 1 more 4 Gvfs, Ubuntu Linux, Fedora and 1 more 2019-09-20 4.9
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.