Filtered by vendor Gnome
Subscriptions
Total
318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3567 | 1 Gnome | 1 Caribou | 2024-11-21 | 7.5 High |
| A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3349 | 1 Gnome | 1 Evolution | 2024-11-21 | 3.3 Low |
| GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior | ||||
| CVE-2021-39365 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Grilo, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2021-39361 | 1 Gnome | 1 Evolution-rss | 2024-11-21 | 5.9 Medium |
| In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2021-39360 | 2 Fedoraproject, Gnome | 2 Fedora, Libzapojit | 2024-11-21 | 5.9 Medium |
| In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2021-39359 | 2 Fedoraproject, Gnome | 2 Fedora, Libgda | 2024-11-21 | 5.9 Medium |
| In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2021-39358 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Libgfbgraph, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2021-33516 | 2 Gnome, Redhat | 3 Gupnp, Enterprise Linux, Rhel Eus | 2024-11-21 | 8.1 High |
| An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | ||||
| CVE-2021-28650 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome-autoar, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. | ||||
| CVE-2021-28153 | 5 Broadcom, Debian, Fedoraproject and 2 more | 5 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | ||||
| CVE-2021-27219 | 6 Broadcom, Debian, Fedoraproject and 3 more | 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | ||||
| CVE-2021-27218 | 6 Broadcom, Debian, Fedoraproject and 3 more | 8 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | ||||
| CVE-2021-20315 | 2 Centos, Gnome | 2 Stream, Gnome-shell | 2024-11-21 | 6.1 Medium |
| A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. | ||||
| CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-6750 | 2 Fedoraproject, Gnome | 2 Fedora, Glib | 2024-11-21 | 5.9 Medium |
| GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | ||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2024-11-21 | 5.5 Medium |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | ||||
| CVE-2020-36314 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, File-roller, Enterprise Linux | 2024-11-21 | 3.9 Low |
| fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | ||||
| CVE-2020-36241 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome-autoar, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||||
| CVE-2020-35457 | 1 Gnome | 1 Glib | 2024-11-21 | 7.8 High |
| GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented | ||||
| CVE-2020-27837 | 1 Gnome | 1 Gnome Display Manager | 2024-11-21 | 6.4 Medium |
| A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | ||||