Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.0_beta4 |
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_libs | 1.0.8 |
| mandrakesoft | mandrake_linux | 6.0 |
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 6.2 |
| caldera | openlinux | * |
| gnome | gdm | 1.0 |
| suse | suse_linux | 6.4 |
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| open_group | x | 11.0r6 |
| xfree86_project | x11r6 | 3.3.4 |
| xfree86_project | x11r6 | 3.3.3 |
| gnome | gdm | 1.0 |
| gnome | gdm | 1.1 |
| xfree86_project | x11r6 | 3.3.6 |
| open_group | x | 11.0r6.2 |
| xfree86_project | x11r6 | 3.3.5 |
| open_group | x | 11.0r5 |
| open_group | x | 11.0r6.4 |
| open_group | x | 11.0r6.1 |
| xfree86_project | x11r6 | 4.0 |
| open_group | x | 11.0r6.3 |
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | esound | 0.2.19 |
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnorpm | * |
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk | 1.2.8 |
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgtop_daemon | 1.0.12 |
| gnome | libgtop_daemon | 1.0.9 |
| gnome | libgtop_daemon | 1.0.7 |
| gnome | libgtop_daemon | 1.0.6 |
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgtop_daemon | 1.0.12 |
| gnome | libgtop_daemon | 1.0.9 |
| gnome | libgtop_daemon | 1.0.7 |
| gnome | libgtop_daemon | 1.0.13 |
| gnome | libgtop_daemon | 1.0.6 |
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 6.2 |
| gnome | bonobo | * |
| mandrakesoft | mandrake_linux | 7.1 |
| slackware | slackware_linux | 8.0 |
| mandrakesoft | mandrake_linux | 9.0 |
| mandrakesoft | mandrake_linux | 8.0 |
| redhat | linux | 7.0 |
| redhat | linux | 7.1 |
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nalin_dahyabhai | vte | 0.11.21 |
| nalin_dahyabhai | vte | 0.22.5 |
| nalin_dahyabhai | vte | 0.12.2 |
| nalin_dahyabhai | vte | 0.16.14 |
| nalin_dahyabhai | vte | 0.20.5 |
| nalin_dahyabhai | vte | 0.25.1 |
| gnome | gnome-terminal | 2.2 |
| nalin_dahyabhai | vte | 0.14.2 |
| gnome | gnome-terminal | 2.0 |
| nalin_dahyabhai | vte | 0.24.3 |
| nalin_dahyabhai | vte | 0.17.4 |
| nalin_dahyabhai | vte | 0.15.0 |
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-lokkit | 0.50_21 |
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtkhtml | 1.1.10 |
| gnome | gtkhtml | 1.1.9 |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | eog | 1.0.2 |
| gnome | eog | 1.0.0 |
| gnome | eog | 1.0.1 |
| gnome | eog | 2.2.0 |
| gnome | eog | 1.1.4 |
| gnome | eog | 1.0.4 |
| gnome | eog | 1.1.3 |
| gnome | eog | 1.0.3 |
| gnome | eog | 1.1.1 |
| gnome | eog | 1.1.2 |
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | batalla_naval | 1.0_4 |
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtkhtml | * |
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | kdebase | 2.4.0.7.13 |
| gnome | gdm | 2.4.1.6 |
| redhat | kdebase | 2.4.1.3.5 |
| gnome | gdm | 2.4.1.2 |
| gnome | gdm | 2.4.1.3 |
| gnome | gdm | 2.4.1.1 |
| gnome | gdm | 2.4.1.4 |
| gnome | gdm | 2.4.1 |
| gnome | gdm | 2.4.1.5 |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 2.1 |
| redhat | kdebase | 2.0_beta2.45 |
| redhat | linux_advanced_workstation | 2.1 |
| gnome | gdm | 2.4.1.1 |
| gnome | gdm | 2.4.1.4 |
| gnome | gdm | 2.4.1 |
| gnome | gdm | 2.4.1.5 |
| redhat | kdebase | 2.4.0.7.13 |
| gnome | gdm | 2.4.1.6 |
| redhat | kdebase | 2.2.3.1.22 |
| redhat | kdebase | 2.4.1.3.5 |
| gnome | gdm | 2.4.1.2 |
| redhat | kdebase | 2.2.3.1.20 |
| gnome | gdm | 2.4.1.3 |
| gnome | gdm | 2.2.0 |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 2.1 |
| redhat | kdebase | 2.0_beta2.45 |
| redhat | linux_advanced_workstation | 2.1 |
| gnome | gdm | 2.4.1.1 |
| gnome | gdm | 2.4.1.4 |
| gnome | gdm | 2.4.1 |
| gnome | gdm | 2.4.1.5 |
| redhat | kdebase | 2.4.0.7.13 |
| gnome | gdm | 2.4.1.6 |
| redhat | kdebase | 2.2.3.1.22 |
| redhat | kdebase | 2.4.1.3.5 |
| gnome | gdm | 2.4.1.2 |
| redhat | kdebase | 2.2.3.1.20 |
| gnome | gdm | 2.4.1.3 |
| gnome | gdm | 2.2.0 |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.4.1.6 |
| gnome | gdm | 2.2.5.4 |
| gnome | gdm | 2.4.1.2 |
| gnome | gdm | 2.4.1.3 |
| gnome | gdm | 2.4.4 |
| gnome | gdm | 2.4.1.1 |
| gnome | gdm | 2.4.1.4 |
| gnome | gdm | 2.4.1 |
| gnome | gdm | 2.4.1.5 |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.4.1.6 |
| gnome | gdm | 2.2.5.4 |
| gnome | gdm | 2.4.1.2 |
| gnome | gdm | 2.4.1.3 |
| gnome | gdm | 2.4.4 |
| gnome | gdm | 2.4.1.1 |
| gnome | gdm | 2.4.1.4 |
| gnome | gdm | 2.4.1 |
| gnome | gdm | 2.4.1.5 |
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 3.0 |
| redhat | enterprise_linux | 2.1 |
| gnome | gdkpixbuf | 0.20 |
| gnome | gdkpixbuf | 0.18 |
| redhat | linux_advanced_workstation | 2.1 |
| redhat | gdk_pixbuf | 0.18.0-7 |
| sgi | propack | 2.3 |
| sgi | propack | 2.4 |
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 0.17 |
| gnome | gdkpixbuf | 0.22 |
| gnome | gdkpixbuf | 0.20 |
| gnome | gdkpixbuf | 0.18 |
| gnome | gtk | * |
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 0.17 |
| gnome | gtk | 2.0.2 |
| gnome | gdkpixbuf | 0.22 |
| gnome | gdkpixbuf | 0.20 |
| gnome | gtk | 2.0.6 |
| gnome | gdkpixbuf | 0.18 |
| gnome | gtk | 2.2.4 |
| gnome | gtk | 2.2.3 |
| gnome | gtk | 2.2.1 |
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 0.17 |
| gnome | gtk | 2.0.2 |
| gnome | gdkpixbuf | 0.22 |
| gnome | gdkpixbuf | 0.20 |
| gnome | gtk | 2.0.6 |
| gnome | gdkpixbuf | 0.18 |
| gnome | gtk | 2.2.4 |
| gnome | gtk | 2.2.3 |
| gnome | gtk | 2.2.1 |
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 0.17 |
| gnome | gdkpixbuf | 0.22 |
| gnome | gdkpixbuf | 0.20 |
| gnome | gdkpixbuf | 0.18 |
| gnome | gtk | * |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.2 |
| easy_software_products | cups | 1.1.4_5 |
| easy_software_products | cups | 1.1.4 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.1 |
| xpdf | xpdf | 2.3 |
| suse | suse_linux | 8.2 |
| easy_software_products | cups | 1.1.19_rc5 |
| easy_software_products | cups | 1.1.14 |
| xpdf | xpdf | 1.0 |
| kde | koffice | 1.3.2 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.3.1 |
| easy_software_products | cups | 1.1.16 |
| easy_software_products | cups | 1.1.6 |
| kde | koffice | 1.3_beta3 |
| pdftohtml | pdftohtml | 0.32a |
| kde | koffice | 1.3 |
| easy_software_products | cups | 1.1.20 |
| suse | suse_linux | 9.2 |
| tetex | tetex | 2.0 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.13 |
| tetex | tetex | 2.0.2 |
| gentoo | linux | * |
| kde | koffice | 1.3_beta1 |
| xpdf | xpdf | 2.0 |
| kde | kde | 3.2 |
| xpdf | xpdf | 0.93 |
| redhat | enterprise_linux | 3.0 |
| easy_software_products | cups | 1.1.15 |
| kde | koffice | 1.3.1 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 0.90 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 9.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.10 |
| easy_software_products | cups | 1.1.12 |
| pdftohtml | pdftohtml | 0.34 |
| tetex | tetex | 2.0.1 |
| kde | koffice | 1.3_beta2 |
| debian | debian_linux | 3.0 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 3.0 |
| kde | kde | 3.2.3 |
| easy_software_products | cups | 1.1.7 |
| easy_software_products | cups | 1.1.4_2 |
| pdftohtml | pdftohtml | 0.35 |
| easy_software_products | cups | 1.1.18 |
| gnome | gpdf | 0.131 |
| xpdf | xpdf | 2.1 |
| xpdf | xpdf | 0.92 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| gnome | gpdf | 0.112 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.3 |
| tetex | tetex | 1.0.7 |
| pdftohtml | pdftohtml | 0.32b |
| easy_software_products | cups | 1.0.4 |
| kde | kde | 3.2.1 |
| easy_software_products | cups | 1.1.19 |
| pdftohtml | pdftohtml | 0.36 |
| kde | koffice | 1.3.3 |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.2 |
| easy_software_products | cups | 1.1.4_5 |
| easy_software_products | cups | 1.1.4 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.1 |
| xpdf | xpdf | 2.3 |
| suse | suse_linux | 8.2 |
| easy_software_products | cups | 1.1.19_rc5 |
| easy_software_products | cups | 1.1.14 |
| xpdf | xpdf | 1.0 |
| kde | koffice | 1.3.2 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.3.1 |
| easy_software_products | cups | 1.1.16 |
| easy_software_products | cups | 1.1.6 |
| kde | koffice | 1.3_beta3 |
| pdftohtml | pdftohtml | 0.32a |
| kde | koffice | 1.3 |
| easy_software_products | cups | 1.1.20 |
| suse | suse_linux | 9.2 |
| tetex | tetex | 2.0 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.13 |
| tetex | tetex | 2.0.2 |
| gentoo | linux | * |
| kde | koffice | 1.3_beta1 |
| xpdf | xpdf | 2.0 |
| kde | kde | 3.2 |
| xpdf | xpdf | 0.93 |
| redhat | enterprise_linux | 3.0 |
| easy_software_products | cups | 1.1.15 |
| kde | koffice | 1.3.1 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 0.90 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 9.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.10 |
| easy_software_products | cups | 1.1.12 |
| pdftohtml | pdftohtml | 0.34 |
| tetex | tetex | 2.0.1 |
| kde | koffice | 1.3_beta2 |
| debian | debian_linux | 3.0 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 3.0 |
| kde | kde | 3.2.3 |
| easy_software_products | cups | 1.1.7 |
| easy_software_products | cups | 1.1.4_2 |
| pdftohtml | pdftohtml | 0.35 |
| easy_software_products | cups | 1.1.18 |
| gnome | gpdf | 0.131 |
| xpdf | xpdf | 2.1 |
| xpdf | xpdf | 0.92 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| gnome | gpdf | 0.112 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.3 |
| tetex | tetex | 1.0.7 |
| pdftohtml | pdftohtml | 0.32b |
| easy_software_products | cups | 1.0.4 |
| kde | kde | 3.2.1 |
| easy_software_products | cups | 1.1.19 |
| pdftohtml | pdftohtml | 0.36 |
| kde | koffice | 1.3.3 |
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libvte4 | * |
| gnome | libzvt2 | 1.4.2.19 |
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| gnome | evolution | * |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.2 |
| suse | suse_linux | 6.1 |
| sgi | propack | 3.0 |
| easy_software_products | cups | 1.1.19_rc5 |
| xpdf | xpdf | 1.0 |
| suse | suse_linux | 4.2 |
| suse | suse_linux | 4.3 |
| suse | suse_linux | 1.0 |
| tetex | tetex | 1.0.6 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.3.1 |
| easy_software_products | cups | 1.1.16 |
| kde | koffice | 1.3_beta3 |
| pdftohtml | pdftohtml | 0.32a |
| kde | koffice | 1.3 |
| easy_software_products | cups | 1.1.20 |
| tetex | tetex | 2.0 |
| easy_software_products | cups | 1.1.13 |
| tetex | tetex | 2.0.2 |
| kde | koffice | 1.3_beta1 |
| xpdf | xpdf | 2.0 |
| kde | kde | 3.2 |
| xpdf | xpdf | 0.93 |
| redhat | enterprise_linux | 3.0 |
| kde | koffice | 1.3.1 |
| xpdf | xpdf | 0.90 |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 6.2 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.10 |
| pdftohtml | pdftohtml | 0.34 |
| tetex | tetex | 2.0.1 |
| kde | koffice | 1.3_beta2 |
| suse | suse_linux | 6.4 |
| easy_software_products | cups | 1.1.7 |
| pdftohtml | pdftohtml | 0.35 |
| easy_software_products | cups | 1.1.18 |
| xpdf | xpdf | 2.1 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 4.4 |
| gnome | gpdf | 0.112 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.3 |
| suse | suse_linux | 7.2 |
| suse | suse_linux | 5.0 |
| sgi | advanced_linux_environment | 3.0 |
| easy_software_products | cups | 1.0.4 |
| ascii | ptex | 3.1.4 |
| suse | suse_linux | 4.0 |
| easy_software_products | cups | 1.1.19 |
| redhat | fedora_core | core_3.0 |
| easy_software_products | cups | 1.1.4_5 |
| suse | suse_linux | 2.0 |
| easy_software_products | cups | 1.1.4 |
| easy_software_products | cups | 1.0.4_8 |
| suse | suse_linux | 8.1 |
| xpdf | xpdf | 2.3 |
| suse | suse_linux | 5.3 |
| suse | suse_linux | 4.4.1 |
| suse | suse_linux | 5.1 |
| suse | suse_linux | 8.2 |
| gnome | gpdf | 0.110 |
| easy_software_products | cups | 1.1.14 |
| kde | koffice | 1.3.2 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| suse | suse_linux | 6.0 |
| easy_software_products | cups | 1.1.6 |
| suse | suse_linux | 9.2 |
| xpdf | xpdf | 1.1 |
| suse | suse_linux | 7.0 |
| gentoo | linux | * |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| suse | suse_linux | 5.2 |
| easy_software_products | cups | 1.1.15 |
| easy_software_products | cups | 1.1.4_3 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 9.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| suse | suse_linux | 3.0 |
| redhat | fedora_core | core_1.0 |
| easy_software_products | cups | 1.1.12 |
| debian | debian_linux | 3.0 |
| pdftohtml | pdftohtml | 0.33a |
| suse | suse_linux | 7.3 |
| cstex | cstetex | 2.0.2 |
| xpdf | xpdf | 3.0 |
| kde | kde | 3.2.3 |
| suse | suse_linux | 7.1 |
| easy_software_products | cups | 1.1.4_2 |
| gnome | gpdf | 0.131 |
| xpdf | xpdf | 0.92 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| redhat | linux | 9.0 |
| tetex | tetex | 1.0.7 |
| pdftohtml | pdftohtml | 0.32b |
| kde | kde | 3.2.1 |
| pdftohtml | pdftohtml | 0.36 |
| kde | koffice | 1.3.3 |
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opera | opera_browser | * |
| mozilla | mozilla | * |
| omnigroup | omniweb | 5 |
| mozilla | camino | 0.8.5 |
| gnome | epiphany | * |
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk | * |
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk | * |
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gedit | 2.10.2 |
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | networkmanager | * |
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 2.3.5 |
| gnome | evolution | 2.0 |
| gnome | evolution | 2.3.2 |
| gnome | evolution | 1.5 |
| gnome | evolution | 2.2 |
| gnome | evolution | 2.3.1 |
| gnome | evolution | 2.1 |
| gnome | evolution | 2.3.3 |
| gnome | evolution | 2.3.4 |
| gnome | evolution | 2.3.6.1 |
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 1.4 |
| gnome | evolution | 2.3.5 |
| gnome | evolution | 2.0 |
| gnome | evolution | 2.3.2 |
| gnome | evolution | 1.5 |
| gnome | evolution | 2.2 |
| gnome | evolution | 2.3.1 |
| gnome | evolution | 2.1 |
| gnome | evolution | 2.3.3 |
| gnome | evolution | 2.3.4 |
| gnome | evolution | 2.3.6.1 |
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgda2 | * |
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | * |
| gnome | gtk | * |
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 0.22 |
| gnome | gtk | * |
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | * |
| gtk | gtk+ | 2.4.0 |
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 2.4.2.1 |
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 2.3.5 |
| gnome | evolution | 2.3.2 |
| gnome | evolution | 2.3.6 |
| gnome | evolution | 2.3.1 |
| gnome | evolution | 2.3.3 |
| gnome | evolution | 2.3.4 |
| gnome | evolution | 2.3.6.1 |
| gnome | evolution | 2.3.7 |
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | dwarf_http_server | 1.3.2 |
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | dwarf_http_server | 1.3.2 |
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.14 |
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libextractor | libextractor | 0.3.6 |
| xpdf | xpdf | 2.3 |
| xpdf | xpdf | 3.0 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 3.0_pl3 |
| gnome | gpdf | 2.8.2 |
| libextractor | libextractor | 0.5 |
| xpdf | xpdf | 0.91 |
| xpdf | xpdf | 2.1 |
| xpdf | xpdf | 0.92 |
| xpdf | xpdf | 3.0.1 |
| libextractor | libextractor | 0.3.9 |
| xpdf | xpdf | 1.0a |
| xpdf | xpdf | 1.1 |
| xpdf | xpdf | 2.0 |
| libextractor | libextractor | 0.4 |
| libextractor | libextractor | 0.3.7 |
| libextractor | libextractor | 0.4.1 |
| libextractor | libextractor | 0.4.2 |
| libextractor | libextractor | 0.3.11 |
| xpdf | xpdf | 0.93 |
| xpdf | xpdf | 2.2 |
| xpdf | xpdf | 3.0.1_pl1 |
| xpdf | xpdf | 0.90 |
| libextractor | libextractor | 0.3.8 |
| debian | debian_linux | 3.1 |
| xpdf | xpdf | 3.0_pl2 |
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | * |
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.14 |
| gnome | gdm | 2.12 |
| gnome | gdm | 2.15 |
| gnome | gdm | 2.8 |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 2.3.5 |
| gnome | evolution | 2.3.2 |
| gnome | evolution | 2.3.6 |
| gnome | evolution | 2.3.1 |
| gnome | evolution | 2.3.3 |
| gnome | evolution | 2.3.4 |
| gnome | evolution | 2.3.6.1 |
| gnome | evolution | 2.3.7 |
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | dhcdbd | 1.12 |
| gnome | dhcdbd | 1.10 |
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | power_manager | 2.14.0 |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome | 2.22 |
| gnome | yelp | * |
| gnome | gnome | 2.20 |
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
| gnome | glib | 2.14.5 |
| gnome | glib | 2.16.3 |
| gnome | glib | 2.14.6 |
| gnome | glib | 2.2.1 |
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | seahorse | * |
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | 2.0 |
| opensuse | opensuse | 11.0 |
| opensuse | opensuse | 11.1 |
| suse | suse_linux_enterprise_server | 11 |
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | 2.28.0 |
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | 2.26.1 |
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | power_manager | 2.27.92 |
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | 2.28.3 |
| gnome | screensaver | 2.27 |
| gnome | screensaver | 2.28.0 |
| gnome | screensaver | 2.22.2 |
| gnome | screensaver | 2.14.3 |
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gmime | 2.4.9 |
| gnome | gmime | 2.4.5 |
| gnome | gmime | 2.4.6 |
| gnome | gmime | 2.4.12 |
| gnome | gmime | 2.4.2 |
| gnome | gmime | 2.4.4 |
| gnome | gmime | 2.4.10 |
| gnome | gmime | 2.4.3 |
| gnome | gmime | 2.4.1 |
| gnome | gmime | 2.4.0 |
| gnome | gmime | 2.4.11 |
| gnome | gmime | 2.4.7 |
| gnome | gmime | 2.4.8 |
| gnome | gmime | 2.4.13 |
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | 2.20 |
| gnome | screensaver | 2.28.0 |
| gnome | screensaver | 2.20.0 |
| gnome | screensaver | * |
| gnome | screensaver | 2.13 |
| gnome | screensaver | 2.26.1 |
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | pango | * |
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | screensaver | 2.28.2 |
| gnome | screensaver | 2.28.1 |
| gnome | screensaver | 2.28.0 |
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gtk | gtk+ | * |
| gnome | screensaver | * |
| gnome | gtk | * |
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | epiphany | 2.28 |
| gnome | epiphany | 2.29 |
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 2.31.5 |
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | tomboy | * |
| gnome | tomboy | 1.0.1 |
| gnome | tomboy | 1.2.2 |
| gnome | tomboy | 1.5.1 |
| gnome | tomboy | 1.4.2 |
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk | * |
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk | * |
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pango | pango | 1.5 |
| pango | pango | 1.21 |
| pango | pango | 1.26 |
| pango | pango | 1.3 |
| pango | pango | 1.15 |
| pango | pango | 0.21 |
| pango | pango | 1.8 |
| pango | pango | 1.25 |
| pango | pango | 0.23 |
| pango | pango | 1.24 |
| gnome | pango | 1.28.2 |
| pango | pango | 1.18 |
| pango | pango | 1.11 |
| pango | pango | 0.20 |
| pango | pango | 1.7 |
| pango | pango | 1.4 |
| pango | pango | 1.2 |
| pango | pango | 1.12 |
| pango | pango | 0.22 |
| pango | pango | 1.6 |
| pango | pango | 1.23 |
| pango | pango | 0.24 |
| pango | pango | 1.16 |
| pango | pango | 1.27 |
| gnome | pango | * |
| pango | pango | 1.10 |
| pango | pango | 1.20 |
| pango | pango | 1.13 |
| pango | pango | 1.19 |
| pango | pango | 1.1 |
| gnome | pango | 1.28.1 |
| pango | pango | 1.0 |
| pango | pango | 1.9 |
| pango | pango | 0.26 |
| gnome | pango | 1.28.0 |
| pango | pango | 0.25 |
| pango | pango | 1.14 |
| pango | pango | 1.17 |
| pango | pango | 1.22 |
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | pango | 1.28.3 |
| mozilla | firefox | * |
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.26 |
| gnome | gdm | 2.2 |
| gnome | gdm | 2.28 |
| gnome | gdm | 2.30 |
| gnome | gdm | 2.16 |
| gnome | gdm | 2.22 |
| gnome | gdm | 2.19 |
| gnome | gdm | 2.17 |
| gnome | gdm | 2.20 |
| gnome | gdm | 2.4 |
| gnome | gdm | 2.32 |
| gnome | gdm | 2.14 |
| gnome | gdm | 2.0 |
| gnome | gdm | 2.13 |
| gnome | gdm | 2.15 |
| gnome | gdm | 2.21 |
| gnome | gdm | 2.18 |
| gnome | gdm | 2.27 |
| gnome | gdm | 2.25 |
| gnome | gdm | 2.31 |
| gnome | gdm | 2.29 |
| gnome | gdm | 2.6 |
| gnome | gdm | 2.5 |
| gnome | gdm | 2.24 |
| gnome | gdm | 2.3 |
| gnome | gdm | 2.23 |
| gnome | gdm | 2.8 |
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdm | 2.26 |
| gnome | gdm | 2.2 |
| gnome | gdm | 2.28 |
| gnome | gdm | 2.30 |
| gnome | gdm | 2.16 |
| gnome | gdm | 2.22 |
| gnome | gdm | 2.19 |
| gnome | gdm | 2.32.1 |
| gnome | gdm | 1.0 |
| gnome | gdm | 2.17 |
| gnome | gdm | 2.20 |
| gnome | gdm | 2.4 |
| gnome | gdm | 2.32 |
| gnome | gdm | 2.14 |
| gnome | gdm | 2.0 |
| gnome | gdm | 2.13 |
| gnome | gdm | 2.15 |
| gnome | gdm | 2.21 |
| gnome | gdm | 2.18 |
| gnome | gdm | 2.27 |
| gnome | gdm | 2.25 |
| gnome | gdm | 2.31 |
| gnome | gdm | 2.29 |
| gnome | gdm | 2.6 |
| gnome | gdm | 2.5 |
| gnome | gdm | 2.24 |
| gnome | gdm | 2.3 |
| gnome | gdm | 2.23 |
| gnome | gdm | 2.8 |
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 15 |
| gnome | networkmanager | * |
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | networkmanager | 0.8.1 |
| gnome | networkmanager | 0.5.1 |
| gnome | networkmanager | 0.7.0 |
| gnome | networkmanager | 0.3.0 |
| gnome | networkmanager | 0.4.1 |
| gnome | networkmanager | 0.7.1 |
| gnome | networkmanager | 0.6.1 |
| gnome | networkmanager | 0.6.6 |
| gnome | networkmanager | 0.2.0 |
| gnome | networkmanager | * |
| gnome | networkmanager | 0.3.1 |
| gnome | networkmanager | 0.8.2 |
| gnome | networkmanager | 0.6.0 |
| gnome | networkmanager | 0.6.2 |
| gnome | networkmanager | 0.7.2 |
| gnome | networkmanager | 0.5.0 |
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | * |
| gnome | gdk-pixbuf | 2.22.1 |
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | 2.2.91 |
| gnome | libsoup | 2.2.0 |
| gnome | libsoup | 2.3.0.1 |
| gnome | libsoup | 2.2.94 |
| gnome | libsoup | 2.4.1 |
| gnome | libsoup | 2.28.1 |
| gnome | libsoup | 2.27.4 |
| gnome | libsoup | 2.29.91 |
| gnome | libsoup | 2.25.2 |
| gnome | libsoup | 2.3.4 |
| gnome | libsoup | 2.24.0.1 |
| gnome | libsoup | 2.28.0 |
| gnome | libsoup | 2.2.1 |
| gnome | libsoup | 2.25.91 |
| gnome | libsoup | 2.23.1 |
| gnome | libsoup | 2.27.1 |
| gnome | libsoup | 2.33.4 |
| gnome | libsoup | 2.2.93 |
| gnome | libsoup | 2.32.1 |
| gnome | libsoup | 2.2.5 |
| gnome | libsoup | 2.32.2 |
| gnome | libsoup | 2.23.6 |
| gnome | libsoup | 2.2.2 |
| gnome | libsoup | 2.2.4 |
| gnome | libsoup | 2.34.1 |
| gnome | libsoup | 2.23.91 |
| gnome | libsoup | 2.25.3 |
| gnome | libsoup | 2.26.1 |
| gnome | libsoup | 2.29.5 |
| gnome | libsoup | 2.27.5 |
| gnome | libsoup | 2.30.1 |
| gnome | libsoup | 2.2.100 |
| gnome | libsoup | 2.33.92 |
| gnome | libsoup | 2.23.92 |
| gnome | libsoup | 2.3.2 |
| gnome | libsoup | 2.2.104 |
| gnome | libsoup | 2.27.92 |
| gnome | libsoup | * |
| gnome | libsoup | 2.2 |
| gnome | libsoup | 2.31.92 |
| gnome | libsoup | 2.24.1 |
| gnome | libsoup | 2.2.3 |
| gnome | libsoup | 2.30.0 |
| gnome | libsoup | 2.34.0 |
| gnome | libsoup | 2.31.90 |
| gnome | libsoup | 2.2.7 |
| gnome | libsoup | 2.29.3 |
| gnome | libsoup | 2.25.4 |
| gnome | libsoup | 2.2.103 |
| gnome | libsoup | 2.29.6 |
| gnome | libsoup | 2.0 |
| gnome | libsoup | 2.33.90 |
| gnome | libsoup | 2.27.90 |
| gnome | libsoup | 2.2.99 |
| gnome | libsoup | 2.4.0 |
| gnome | libsoup | 2.27.91 |
| gnome | libsoup | 2.2.97 |
| gnome | libsoup | 2.2.101 |
| gnome | libsoup | 2.2.92 |
| gnome | libsoup | 2.26.0 |
| gnome | libsoup | 2.2.98 |
| gnome | libsoup | 2.25.5 |
| gnome | libsoup | 2.2.6 |
| gnome | libsoup | 2.2.102 |
| gnome | libsoup | 2.31.2 |
| gnome | libsoup | 2.29.90 |
| gnome | libsoup | 2.33.5 |
| gnome | libsoup | 2.27.2 |
| gnome | libsoup | 2.33.6 |
| gnome | libsoup | 2.31.6 |
| gnome | libsoup | 2.2.6.1 |
| gnome | libsoup | 2.2.96 |
| gnome | libsoup | 2.32.0 |
| gnome | libsoup | 2.2.95.1 |
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 5.0 |
| opensuse | opensuse | 11.4 |
| gnome | pango | * |
| canonical | ubuntu_linux | 11.04 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 4.0 |
| qt | qt | * |
| opensuse | opensuse | 11.3 |
| redhat | enterprise_linux_workstation | 4.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_eus | 6.1 |
| canonical | ubuntu_linux | 10.04 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| redhat | enterprise_linux_desktop | 6.0 |
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 1.4 |
| gnome | evolution | 1.4.6 |
| gnome | evolution | 2.3.2 |
| oracle | solaris | 11.2 |
| redhat | enterprise_linux_workstation | 6.0 |
| gnome | evolution | 1.2.4 |
| gnome | evolution | 2.6 |
| gnome | evolution | 2.3.5 |
| gnome | evolution | 2.3.6 |
| gnome | evolution | 2.32.3 |
| gnome | evolution | 2.22.1 |
| gnome | evolution | 1.4.4 |
| gnome | evolution | 2.8.1 |
| redhat | enterprise_linux_desktop | 6.0 |
| gnome | evolution | 2.4 |
| gnome | evolution | 1.2 |
| gnome | evolution | 1.2.1 |
| gnome | evolution | 1.5 |
| gnome | evolution | 2.2 |
| gnome | evolution | 2.0.2 |
| gnome | evolution | 1.11 |
| gnome | evolution | 2.3.4 |
| gnome | evolution | 1.2.2 |
| gnome | evolution | 2.30.3 |
| gnome | evolution | 1.4.3 |
| gnome | evolution | 2.0 |
| gnome | evolution | 1.4.5 |
| gnome | evolution | 2.4.2.1 |
| gnome | evolution | 2.10.3 |
| gnome | evolution | 2.24.5 |
| gnome | evolution | 2.26.3 |
| gnome | evolution | 2.2.1 |
| gnome | evolution | 2.24 |
| gnome | evolution | * |
| gnome | evolution | 2.3.3 |
| redhat | enterprise_linux_server | 6.0 |
| gnome | evolution | 2.3.1 |
| gnome | evolution | 2.12 |
| gnome | evolution | 2.0.0 |
| gnome | evolution | 2.22.3 |
| gnome | evolution | 1.0.8 |
| gnome | evolution | 2.0.1 |
| gnome | evolution | 2.28.3.1 |
| gnome | evolution | 2.1 |
| gnome | evolution | 2.3.7 |
| gnome | evolution | 2.26.1 |
| gnome | evolution | 1.2.3 |
| gnome | evolution | 2.12.3 |
| gnome | evolution | 2.3.6.1 |
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | ifcfg-rh_plug-in | * |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | empathy | 2.91.4.2 |
| gnome | empathy | 2.29.91 |
| gnome | empathy | 0.14 |
| gnome | empathy | 3.1.90.1 |
| gnome | empathy | * |
| gnome | empathy | 2.91.1 |
| gnome | empathy | 2.91.93 |
| gnome | empathy | 2.29.91.1 |
| gnome | empathy | 2.27.1.1 |
| gnome | empathy | 2.33.1 |
| gnome | empathy | 3.1.92 |
| gnome | empathy | 0.9 |
| gnome | empathy | 2.32.0 |
| gnome | empathy | 0.11 |
| gnome | empathy | 2.28.1.1 |
| gnome | empathy | 2.30.1.1 |
| gnome | empathy | 0.4 |
| gnome | empathy | 0.22.1 |
| gnome | empathy | 2.30.0 |
| gnome | empathy | 0.23.4 |
| gnome | empathy | 2.27.91.1 |
| gnome | empathy | 2.25.3 |
| gnome | empathy | 2.91.92 |
| gnome | empathy | 2.25.90 |
| gnome | empathy | 2.27.1 |
| gnome | empathy | 2.29.2 |
| gnome | empathy | 2.27.5 |
| gnome | empathy | 2.31.3 |
| gnome | empathy | 0.12 |
| gnome | empathy | 0.21.2 |
| gnome | empathy | 2.29.6 |
| gnome | empathy | 2.91.2 |
| gnome | empathy | 3.0.2 |
| gnome | empathy | 2.31.1 |
| gnome | empathy | 2.33.3 |
| gnome | empathy | 3.1.90 |
| gnome | empathy | 0.21.5.1 |
| gnome | empathy | 0.21.5.2 |
| gnome | empathy | 2.91.3.1 |
| gnome | empathy | 2.28.1.2 |
| gnome | empathy | 3.1.3 |
| gnome | empathy | 2.26.2 |
| gnome | empathy | 2.26.1 |
| gnome | empathy | 2.91.4.3 |
| gnome | empathy | 2.31.92 |
| gnome | empathy | 2.32.2 |
| gnome | empathy | 0.6 |
| gnome | empathy | 2.23.90 |
| gnome | empathy | 0.21.90 |
| gnome | empathy | 3.0.0 |
| gnome | empathy | 0.21.5 |
| gnome | empathy | 2.27.2 |
| gnome | empathy | 2.23.91 |
| gnome | empathy | 0.1 |
| gnome | empathy | 0.22.0 |
| gnome | empathy | 2.26.0 |
| gnome | empathy | 3.0.1 |
| gnome | empathy | 2.91.3 |
| gnome | empathy | 2.91.6 |
| gnome | empathy | 3.1.5.1 |
| gnome | empathy | 2.29.93 |
| gnome | empathy | 2.33.4 |
| gnome | empathy | 3.1.2 |
| gnome | empathy | 2.91.4.1 |
| gnome | empathy | 2.91.90.2 |
| gnome | empathy | 2.30.3 |
| gnome | empathy | 2.23.92 |
| gnome | empathy | 2.25.91 |
| gnome | empathy | 0.23.3 |
| gnome | empathy | 0.21.91 |
| gnome | empathy | 0.5 |
| gnome | empathy | 2.25.92 |
| gnome | empathy | 2.24.0 |
| gnome | empathy | 2.91.5.1 |
| gnome | empathy | 2.29.90 |
| gnome | empathy | 2.27.4 |
| gnome | empathy | 0.21.1 |
| gnome | empathy | 2.31.2 |
| gnome | empathy | 2.29.91.2 |
| gnome | empathy | 2.30.0.2 |
| gnome | empathy | 2.31.91 |
| gnome | empathy | 2.28.0.1 |
| gnome | empathy | 3.1.1 |
| gnome | empathy | 2.29.3 |
| gnome | empathy | 3.1.4 |
| gnome | empathy | 2.30.0.1 |
| gnome | empathy | 2.91.90.1 |
| gnome | empathy | 0.21.3 |
| gnome | empathy | 3.1.91 |
| gnome | empathy | 2.31.90 |
| gnome | empathy | 2.25.4 |
| gnome | empathy | 2.29.5.1 |
| gnome | empathy | 3.1.2.1 |
| gnome | empathy | 2.29.92 |
| gnome | empathy | 2.27.92 |
| gnome | empathy | 0.2 |
| gnome | empathy | 0.3 |
| gnome | empathy | 2.31.4 |
| gnome | empathy | 2.29.4 |
| gnome | empathy | 0.7 |
| gnome | empathy | 2.29.1 |
| gnome | empathy | 0.21.4 |
| gnome | empathy | 2.91.6.1 |
| gnome | empathy | 2.91.5 |
| gnome | empathy | 2.25.2 |
| gnome | empathy | 2.31.5 |
| gnome | empathy | 2.27.3 |
| gnome | empathy | 3.2.0.1 |
| gnome | empathy | 2.31.5.1 |
| gnome | empathy | 2.28.0 |
| gnome | empathy | 3.1.5 |
| gnome | empathy | 2.28.2 |
| gnome | empathy | 2.91.91.1 |
| gnome | empathy | 2.26.0.1 |
| gnome | empathy | 2.32.1 |
| gnome | empathy | 0.23.1 |
| gnome | empathy | 2.32.0.1 |
| gnome | empathy | 2.33.2 |
| gnome | empathy | 0.13 |
| gnome | empathy | 2.91.90 |
| gnome | empathy | 2.91.4 |
| gnome | empathy | 2.31.6 |
| gnome | empathy | 2.34.0 |
| gnome | empathy | 2.28.1 |
| gnome | empathy | 2.91.0 |
| gnome | empathy | 2.29.5 |
| gnome | empathy | 0.23.2 |
| gnome | empathy | 2.24.1 |
| gnome | empathy | 2.91.91 |
| gnome | empathy | 2.30.1 |
| gnome | empathy | 2.30.2 |
| gnome | empathy | 0.8 |
| gnome | empathy | 2.23.6 |
| gnome | empathy | 2.27.91 |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | empathy | 2.91.4.2 |
| gnome | empathy | 2.29.91 |
| gnome | empathy | 0.14 |
| gnome | empathy | 3.1.90.1 |
| gnome | empathy | * |
| gnome | empathy | 2.91.1 |
| gnome | empathy | 2.91.93 |
| gnome | empathy | 2.29.91.1 |
| gnome | empathy | 2.27.1.1 |
| gnome | empathy | 2.33.1 |
| gnome | empathy | 3.1.92 |
| gnome | empathy | 0.9 |
| gnome | empathy | 2.32.0 |
| gnome | empathy | 0.11 |
| gnome | empathy | 2.28.1.1 |
| gnome | empathy | 2.30.1.1 |
| gnome | empathy | 0.4 |
| gnome | empathy | 0.22.1 |
| gnome | empathy | 2.30.0 |
| gnome | empathy | 0.23.4 |
| gnome | empathy | 2.27.91.1 |
| gnome | empathy | 2.25.3 |
| gnome | empathy | 2.91.92 |
| gnome | empathy | 2.25.90 |
| gnome | empathy | 2.27.1 |
| gnome | empathy | 2.29.2 |
| gnome | empathy | 2.27.5 |
| gnome | empathy | 2.31.3 |
| gnome | empathy | 0.12 |
| gnome | empathy | 0.21.2 |
| gnome | empathy | 2.29.6 |
| gnome | empathy | 2.91.2 |
| gnome | empathy | 3.0.2 |
| gnome | empathy | 2.31.1 |
| gnome | empathy | 2.33.3 |
| gnome | empathy | 3.1.90 |
| gnome | empathy | 0.21.5.1 |
| gnome | empathy | 0.21.5.2 |
| gnome | empathy | 2.91.3.1 |
| gnome | empathy | 2.28.1.2 |
| gnome | empathy | 3.1.3 |
| gnome | empathy | 2.26.2 |
| gnome | empathy | 2.26.1 |
| gnome | empathy | 2.91.4.3 |
| gnome | empathy | 2.31.92 |
| gnome | empathy | 2.32.2 |
| gnome | empathy | 0.6 |
| gnome | empathy | 2.23.90 |
| gnome | empathy | 0.21.90 |
| gnome | empathy | 3.0.0 |
| gnome | empathy | 0.21.5 |
| gnome | empathy | 2.27.2 |
| gnome | empathy | 2.23.91 |
| gnome | empathy | 0.1 |
| gnome | empathy | 0.22.0 |
| gnome | empathy | 2.26.0 |
| gnome | empathy | 3.0.1 |
| gnome | empathy | 2.91.3 |
| gnome | empathy | 2.91.6 |
| gnome | empathy | 3.1.5.1 |
| gnome | empathy | 2.29.93 |
| gnome | empathy | 2.33.4 |
| gnome | empathy | 3.1.2 |
| gnome | empathy | 2.91.4.1 |
| gnome | empathy | 2.91.90.2 |
| gnome | empathy | 2.30.3 |
| gnome | empathy | 2.23.92 |
| gnome | empathy | 2.25.91 |
| gnome | empathy | 0.23.3 |
| gnome | empathy | 0.21.91 |
| gnome | empathy | 0.5 |
| gnome | empathy | 2.25.92 |
| gnome | empathy | 2.24.0 |
| gnome | empathy | 2.91.5.1 |
| gnome | empathy | 2.29.90 |
| gnome | empathy | 2.27.4 |
| gnome | empathy | 0.21.1 |
| gnome | empathy | 2.31.2 |
| gnome | empathy | 2.29.91.2 |
| gnome | empathy | 2.30.0.2 |
| gnome | empathy | 2.31.91 |
| gnome | empathy | 2.28.0.1 |
| gnome | empathy | 3.1.1 |
| gnome | empathy | 2.29.3 |
| gnome | empathy | 3.1.4 |
| gnome | empathy | 2.30.0.1 |
| gnome | empathy | 2.91.90.1 |
| gnome | empathy | 0.21.3 |
| gnome | empathy | 3.1.91 |
| gnome | empathy | 2.31.90 |
| gnome | empathy | 2.25.4 |
| gnome | empathy | 2.29.5.1 |
| gnome | empathy | 3.1.2.1 |
| gnome | empathy | 2.29.92 |
| gnome | empathy | 2.27.92 |
| gnome | empathy | 0.2 |
| gnome | empathy | 0.3 |
| gnome | empathy | 2.31.4 |
| gnome | empathy | 2.29.4 |
| gnome | empathy | 0.7 |
| gnome | empathy | 2.29.1 |
| gnome | empathy | 0.21.4 |
| gnome | empathy | 2.91.6.1 |
| gnome | empathy | 2.91.5 |
| gnome | empathy | 2.25.2 |
| gnome | empathy | 2.31.5 |
| gnome | empathy | 2.27.3 |
| gnome | empathy | 3.2.0.1 |
| gnome | empathy | 2.31.5.1 |
| gnome | empathy | 2.28.0 |
| gnome | empathy | 3.1.5 |
| gnome | empathy | 2.28.2 |
| gnome | empathy | 2.91.91.1 |
| gnome | empathy | 2.26.0.1 |
| gnome | empathy | 2.32.1 |
| gnome | empathy | 0.23.1 |
| gnome | empathy | 2.32.0.1 |
| gnome | empathy | 2.33.2 |
| gnome | empathy | 0.13 |
| gnome | empathy | 2.91.90 |
| gnome | empathy | 2.91.4 |
| gnome | empathy | 2.31.6 |
| gnome | empathy | 2.34.0 |
| gnome | empathy | 2.28.1 |
| gnome | empathy | 2.91.0 |
| gnome | empathy | 2.29.5 |
| gnome | empathy | 0.23.2 |
| gnome | empathy | 2.24.1 |
| gnome | empathy | 2.91.91 |
| gnome | empathy | 2.30.1 |
| gnome | empathy | 2.30.2 |
| gnome | empathy | 0.8 |
| gnome | empathy | 2.23.6 |
| gnome | empathy | 2.27.91 |
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | 2.21.2 |
| gnome | glib | 2.21.5 |
| gnome | glib | 2.7.5 |
| gnome | glib | 2.14.4 |
| gnome | glib | 1.2.1 |
| gnome | glib | 2.15.4 |
| gnome | glib | 2.3.3 |
| gnome | glib | 2.10.2 |
| gnome | glib | 2.20.1 |
| gnome | glib | 2.14.5 |
| gnome | glib | 2.22.3 |
| gnome | glib | 2.8.6 |
| gnome | glib | 2.30.2 |
| gnome | glib | 2.4.0 |
| gnome | glib | 2.5.2 |
| gnome | glib | 1.3.14 |
| gnome | glib | 2.4.1 |
| gnome | glib | 2.27.5 |
| gnome | glib | 2.8.0 |
| gnome | glib | 2.28.3 |
| gnome | glib | 2.0.2 |
| gnome | glib | 2.17.4 |
| gnome | glib | 2.25.17 |
| gnome | glib | 2.19.9 |
| gnome | glib | 2.29.14 |
| gnome | glib | 2.25.10 |
| gnome | glib | 2.6.6 |
| gnome | glib | 2.1.1 |
| gnome | glib | 2.16.2 |
| gnome | glib | 2.19.2 |
| gnome | glib | 2.25.2 |
| gnome | glib | 2.29.92 |
| gnome | glib | 1.3.9 |
| gnome | glib | 2.24.1 |
| gnome | glib | 2.6.0 |
| gnome | glib | 2.3.1 |
| gnome | glib | 2.16.1 |
| gnome | glib | 2.25.6 |
| gnome | glib | 2.0.1 |
| gnome | glib | 1.1.12-1 |
| gnome | glib | 2.3.0 |
| gnome | glib | 2.25.13 |
| gnome | glib | 2.27.90 |
| gnome | glib | 2.3.2 |
| gnome | glib | 2.15.6 |
| gnome | glib | 2.22.2 |
| gnome | glib | 2.0.3 |
| gnome | glib | 2.13.0 |
| gnome | glib | 2.27.0 |
| gnome | glib | 2.29.2 |
| gnome | glib | 2.25.4 |
| gnome | glib | 2.18.3 |
| gnome | glib | 2.5.1 |
| gnome | glib | 2.25.3 |
| gnome | glib | 2.12.4 |
| gnome | glib | 2.17.1 |
| gnome | glib | 1.1.12 |
| gnome | glib | 2.16.0 |
| gnome | glib | 2.25.8 |
| gnome | glib | 2.29.8 |
| gnome | glib | 2.24.0 |
| gnome | glib | 2.17.5 |
| gnome | glib | 2.3.4 |
| gnome | glib | 2.1.5 |
| gnome | glib | 2.25.11 |
| gnome | glib | 2.0.7 |
| gnome | glib | 1.2.7 |
| gnome | glib | 2.13.1 |
| gnome | glib | * |
| gnome | glib | 2.14.6 |
| gnome | glib | 2.7.0 |
| gnome | glib | 2.27.1 |
| gnome | glib | 2.4.3 |
| gnome | glib | 2.23.4 |
| gnome | glib | 2.12.9 |
| gnome | glib | 2.12.12 |
| gnome | glib | 2.9.4 |
| gnome | glib | 2.1.4 |
| gnome | glib | 1.3.12 |
| gnome | glib | 2.4.4 |
| gnome | glib | 2.22.5 |
| gnome | glib | 2.9.3 |
| gnome | glib | 1.1.15 |
| gnome | glib | 2.12.7 |
| gnome | glib | 2.28.5 |
| gnome | glib | 1.3.15 |
| gnome | glib | 2.31.2 |
| gnome | glib | 2.29.12 |
| gnome | glib | 2.20.4 |
| gnome | glib | 2.23.5 |
| gnome | glib | 2.27.4 |
| gnome | glib | 2.29.4 |
| gnome | glib | 2.7.3 |
| gnome | glib | 2.8.4 |
| gnome | glib | 1.2.0 |
| gnome | glib | 2.14.2 |
| gnome | glib | 2.12.8 |
| gnome | glib | 2.19.7 |
| gnome | glib | 1.3.13 |
| gnome | glib | 2.2.0 |
| gnome | glib | 2.13.7 |
| gnome | glib | 2.4.5 |
| gnome | glib | 2.9.0 |
| gnome | glib | 2.7.2 |
| gnome | glib | 2.24.2 |
| gnome | glib | 2.4.8 |
| gnome | glib | 2.5.3 |
| gnome | glib | 2.5.6 |
| gnome | glib | 2.18.0 |
| gnome | glib | 2.12.3 |
| gnome | glib | 2.12.6 |
| gnome | glib | 2.23.1 |
| gnome | glib | 2.14.3 |
| gnome | glib | 2.5.4 |
| gnome | glib | 2.13.4 |
| gnome | glib | 2.4.7 |
| gnome | glib | 2.21.1 |
| gnome | glib | 2.18.4 |
| gnome | glib | 2.0.0 |
| gnome | glib | 2.31.6 |
| gnome | glib | 2.8.3 |
| gnome | glib | 2.17.3 |
| gnome | glib | 2.7.4 |
| gnome | glib | 2.19.0 |
| gnome | glib | 2.8.1 |
| gnome | glib | 2.19.4 |
| gnome | glib | 2.15.5 |
| gnome | glib | 2.19.10 |
| gnome | glib | 2.3.6 |
| gnome | glib | 2.29.18 |
| gnome | glib | 2.27.92 |
| gnome | glib | 2.28.2 |
| gnome | glib | 2.1.0 |
| gnome | glib | 2.20.5 |
| gnome | glib | 2.16.3 |
| gnome | glib | 2.14.0 |
| gnome | glib | 1.2.5 |
| gnome | glib | 2.7.6 |
| gnome | glib | 2.11.2 |
| gnome | glib | 2.31.4 |
| gnome | glib | 2.17.7 |
| gnome | glib | 2.25.12 |
| gnome | glib | 2.5.5 |
| gnome | glib | 1.2.2 |
| gnome | glib | 2.15.0 |
| gnome | glib | 2.27.3 |
| gnome | glib | 1.2.3 |
| gnome | glib | 2.8.5 |
| gnome | glib | 2.22.1 |
| gnome | glib | 2.2.1 |
| gnome | glib | 2.25.1 |
| gnome | glib | 2.21.4 |
| gnome | glib | 2.9.1 |
| gnome | glib | 2.25.9 |
| gnome | glib | 2.27.91 |
| gnome | glib | 2.12.10 |
| gnome | glib | 2.25.16 |
| gnome | glib | 2.30.1 |
| gnome | glib | 2.30.0 |
| gnome | glib | 2.27.93 |
| gnome | glib | 2.19.5 |
| gnome | glib | 2.15.3 |
| gnome | glib | 2.16.6 |
| gnome | glib | 2.17.2 |
| gnome | glib | 1.2.6 |
| gnome | glib | 1.3.11 |
| gnome | glib | 2.2.2 |
| gnome | glib | 2.11.0 |
| gnome | glib | 2.12.0 |
| gnome | glib | 2.21.0 |
| gnome | glib | 2.29.16 |
| gnome | glib | 2.12.13 |
| gnome | glib | 2.0.5 |
| gnome | glib | 2.17.0 |
| gnome | glib | 1.2.4 |
| gnome | glib | 1.2.9 |
| gnome | glib | 2.11.3 |
| gnome | glib | 2.25.0 |
| gnome | glib | 2.29.10 |
| gnome | glib | 2.28.8 |
| gnome | glib | 2.2.3 |
| gnome | glib | 2.18.2 |
| gnome | glib | 2.29.6 |
| gnome | glib | 2.0 |
| gnome | glib | 2.28.7 |
| gnome | glib | 2.4.2 |
| gnome | glib | 2.29.90 |
| gnome | glib | 2.10.0 |
| gnome | glib | 2.7.7 |
| gnome | glib | 1.2.10 |
| gnome | glib | 2.20.3 |
| gnome | glib | 2.12.1 |
| gnome | glib | 2.19.8 |
| gnome | glib | 2.22.0 |
| gnome | glib | 2.3.5 |
| gnome | glib | 2.25.14 |
| gnome | glib | 2.31.0 |
| gnome | glib | 2.1.3 |
| gnome | glib | 2.9.5 |
| gnome | glib | 2.9.2 |
| gnome | glib | 2.19.6 |
| gnome | glib | 2.16.4 |
| gnome | glib | 2.28 |
| gnome | glib | 2.25.15 |
| gnome | glib | 2.5.7 |
| gnome | glib | 2.6.3 |
| gnome | glib | 2.20.2 |
| gnome | glib | 2.17.6 |
| gnome | glib | 2.1.2 |
| gnome | glib | 2.26.1 |
| gnome | glib | 2.23.3 |
| gnome | glib | 2.13.3 |
| gnome | glib | 2.6.2 |
| gnome | glib | 2.0.4 |
| gnome | glib | 2.20.0 |
| gnome | glib | 2.13.6 |
| gnome | glib | 2.0.6 |
| gnome | glib | 2.9.6 |
| gnome | glib | 2.27.2 |
| gnome | glib | 2.19.3 |
| gnome | glib | 2.18.1 |
| gnome | glib | 2.12.2 |
| gnome | glib | 2.15.2 |
| gnome | glib | 2.28.0 |
| gnome | glib | 2.5.0 |
| gnome | glib | 2.13.2 |
| gnome | glib | 2.6.1 |
| gnome | glib | 2.7.1 |
| gnome | glib | 2.21.6 |
| gnome | glib | 2.19.1 |
| gnome | glib | 2.13.5 |
| gnome | glib | 2.25.5 |
| gnome | glib | 2.6.5 |
| gnome | glib | 2.22.4 |
| gnome | glib | 2.10.1 |
| gnome | glib | 2.12.5 |
| gnome | glib | 2.21.3 |
| gnome | glib | 2.28.6 |
| gnome | glib | 2.26.0 |
| gnome | glib | 2.11.1 |
| gnome | glib | 2.23.0 |
| gnome | glib | 2.8.2 |
| gnome | glib | 2.28.4 |
| gnome | glib | 1.2.8 |
| gnome | glib | 2.12.11 |
| gnome | glib | 2.14.1 |
| gnome | glib | 2.23.6 |
| gnome | glib | 1.3.10 |
| gnome | glib | 2.6.4 |
| gnome | glib | 2.11.4 |
| gnome | glib | 2.4.6 |
| gnome | glib | 2.23.2 |
| gnome | glib | 2.10.3 |
| gnome | glib | 2.15.1 |
| gnome | glib | 2.16.5 |
| gnome | glib | 2.28.1 |
| gnome | glib | 2.25.7 |
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 11.04 |
| canonical | ubuntu_linux | 11.10 |
| gnome | update-manager-core | 0.152.25.10 |
| gnome | update-manager-core | 0.150.5.2 |
| canonical | ubuntu_linux | 12.04 |
| gnome | update-manager-core | 0.156.14.3 |
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | 2.23.4 |
| gnome | gdk-pixbuf | * |
| gnome | gdk-pixbuf | 2.24.1 |
| gnome | gdk-pixbuf | 2.23.3 |
| gnome | gdk-pixbuf | 2.25.2 |
| gnome | gdk-pixbuf | 2.24.0 |
| gnome | gdk-pixbuf | 2.23.5 |
| gnome | gdk-pixbuf | 2.25.0 |
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVSS 2.0
Severity: LOW
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | rhythmbox | 0.8.7 |
| gnome | rhythmbox | 0.12.4 |
| gnome | rhythmbox | 0.5.2 |
| gnome | rhythmbox | 0.12.1 |
| gnome | rhythmbox | 0.6.1 |
| gnome | rhythmbox | * |
| gnome | rhythmbox | 0.8.0 |
| gnome | rhythmbox | 0.6.3 |
| gnome | rhythmbox | 0.9.3.1 |
| gnome | rhythmbox | 0.7.2 |
| gnome | rhythmbox | 0.9.1 |
| gnome | rhythmbox | 0.12.2 |
| gnome | rhythmbox | 0.11.5 |
| gnome | rhythmbox | 0.9.0 |
| gnome | rhythmbox | 0.8.8 |
| gnome | rhythmbox | 0.9.3 |
| gnome | rhythmbox | 0.9.2 |
| gnome | rhythmbox | 0.13.0 |
| gnome | rhythmbox | 0.6.2 |
| gnome | rhythmbox | 0.12.3 |
| gnome | rhythmbox | 0.5.88 |
| gnome | rhythmbox | 0.9.8 |
| gnome | rhythmbox | 0.10.0.90 |
| gnome | rhythmbox | 0.12.5 |
| gnome | rhythmbox | 0.7.1 |
| gnome | rhythmbox | 0.5.4 |
| gnome | rhythmbox | 0.11.6 |
| gnome | rhythmbox | 0.12.0 |
| gnome | rhythmbox | 0.9.4.1 |
| gnome | rhythmbox | 0.8.1 |
| gnome | rhythmbox | 0.11.2 |
| gnome | rhythmbox | 0.5.3 |
| gnome | rhythmbox | 0.11.0 |
| gnome | rhythmbox | 0.6.5 |
| gnome | rhythmbox | 0.8.5 |
| gnome | rhythmbox | 0.10.1 |
| gnome | rhythmbox | 0.6.4 |
| gnome | rhythmbox | 0.12.8 |
| gnome | rhythmbox | 0.8.4 |
| gnome | rhythmbox | 0.12.6 |
| gnome | rhythmbox | 0.10.0 |
| gnome | rhythmbox | 0.9.6.90 |
| gnome | rhythmbox | 0.6.0 |
| gnome | rhythmbox | 0.6.8 |
| gnome | rhythmbox | 0.8.2 |
| gnome | rhythmbox | 0.9.7 |
| gnome | rhythmbox | 0.8.6 |
| gnome | rhythmbox | 0.13.1 |
| gnome | rhythmbox | 0.5.0 |
| gnome | rhythmbox | 0.8.3 |
| gnome | rhythmbox | 0.11.4 |
| gnome | rhythmbox | 0.7.0 |
| gnome | rhythmbox | 0.12.7 |
| gnome | rhythmbox | 0.13.2 |
| gnome | rhythmbox | 0.6.6 |
| gnome | rhythmbox | 0.11.3 |
| gnome | rhythmbox | 0.9.6 |
| gnome | rhythmbox | 0.5.1 |
| gnome | rhythmbox | 0.6.7 |
| gnome | rhythmbox | 0.9.4 |
| gnome | rhythmbox | 0.9.5 |
| gnome | rhythmbox | 0.11.1 |
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| gnome | gnome_keyring | 3.2 |
| gnome | gnome_keyring | 3.4 |
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_online_accounts | 3.7.1 |
| gnome | gnome_online_accounts | 3.7.2 |
| gnome | gnome_online_accounts | 3.7.4 |
| gnome | gnome_online_accounts | 3.4.0 |
| gnome | gnome_online_accounts | 3.6.1 |
| gnome | gnome_online_accounts | 3.4.1 |
| canonical | ubuntu_linux | 12.10 |
| gnome | gnome_online_accounts | 3.6.2 |
| gnome | gnome_online_accounts | 3.7.3 |
| canonical | ubuntu_linux | 11.10 |
| canonical | ubuntu_linux | 12.04 |
| gnome | gnome_online_accounts | 3.6.0 |
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_screensaver | 3.5.5 |
| gnome | gnome_screensaver | 3.6.0 |
| gnome | gnome_screensaver | 3.5.4 |
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_online_accounts | 3.7.1 |
| gnome | gnome_online_accounts | 3.7.2 |
| gnome | gnome_online_accounts | 3.7.4 |
| gnome | gnome_online_accounts | 3.7.3 |
| canonical | ubuntu_linux | 11.10 |
| gnome | gnome_online_accounts | 3.6.1 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| gnome | gnome_online_accounts | 3.6.2 |
| gnome | gnome_online_accounts | 3.6.0 |
| gnome | gnome_online_accounts | 3.7.90 |
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | 2.34.2 |
| gnome | librsvg | 2.2.1 |
| gnome | librsvg | 2.12.4 |
| gnome | librsvg | 2.1.4 |
| gnome | librsvg | 2.12.6 |
| gnome | librsvg | 2.1.0 |
| gnome | librsvg | * |
| gnome | librsvg | 2.16.0 |
| gnome | librsvg | 2.18.0 |
| gnome | librsvg | 2.13.92 |
| gnome | librsvg | 2.22.2 |
| gnome | librsvg | 1.1.3 |
| gnome | librsvg | 2.35.2 |
| gnome | librsvg | 2.32.0 |
| gnome | librsvg | 2.26.1 |
| gnome | librsvg | 1.0.1 |
| gnome | librsvg | 2.14.1 |
| gnome | librsvg | 2.36.1 |
| gnome | librsvg | 2.2.2 |
| gnome | librsvg | 1.0.2 |
| gnome | librsvg | 2.15.90 |
| gnome | librsvg | 2.14.4 |
| gnome | librsvg | 1.1.4 |
| gnome | librsvg | 2.35.0 |
| gnome | librsvg | 2.22.0 |
| gnome | librsvg | 2.36.3 |
| gnome | librsvg | 2.13.93 |
| gnome | librsvg | 2.36.2 |
| gnome | librsvg | 2.12.7 |
| gnome | librsvg | 2.12.3 |
| gnome | librsvg | 2.1.2 |
| gnome | librsvg | 2.13.2 |
| gnome | librsvg | 2.18.1 |
| gnome | librsvg | 2.12.1 |
| gnome | librsvg | 2.11.1 |
| gnome | librsvg | 2.13.91 |
| gnome | librsvg | 2.14.2 |
| gnome | librsvg | 2.14.0 |
| gnome | librsvg | 2.34.0 |
| gnome | librsvg | 2.2.0 |
| gnome | librsvg | 2.1.3 |
| gnome | librsvg | 2.32.1 |
| gnome | librsvg | 2.22.1 |
| gnome | librsvg | 2.26.0 |
| gnome | librsvg | 2.35.1 |
| gnome | librsvg | 1.0.3 |
| gnome | librsvg | 2.2.5 |
| gnome | librsvg | 2.12.5 |
| gnome | librsvg | 2.0.0 |
| gnome | librsvg | 2.16.1 |
| gnome | librsvg | 2.13.1 |
| gnome | librsvg | 2.34.1 |
| gnome | librsvg | 2.2.4 |
| gnome | librsvg | 2.13.5 |
| gnome | librsvg | 2.13.3 |
| gnome | librsvg | 2.3.1 |
| gnome | librsvg | 2.22.3 |
| gnome | librsvg | 1.1.6 |
| gnome | librsvg | 2.1.1 |
| gnome | librsvg | 2.36.0 |
| gnome | librsvg | 2.11.0 |
| gnome | librsvg | 2.1.5 |
| gnome | librsvg | 2.12.0 |
| gnome | librsvg | 2.26.2 |
| gnome | librsvg | 2.13.4 |
| gnome | librsvg | 2.18.2 |
| gnome | librsvg | 1.1.1 |
| gnome | librsvg | 2.12.2 |
| gnome | librsvg | 1.1.5 |
| gnome | librsvg | 2.0.1 |
| gnome | librsvg | 2.20.0 |
| gnome | librsvg | 2.13.90 |
| gnome | librsvg | 1.0.0 |
| gnome | librsvg | 1.1.2 |
| gnome | librsvg | 2.2.3 |
| gnome | librsvg | 2.3.0 |
| gnome | librsvg | 2.13.0 |
| gnome | librsvg | 2.14.3 |
| gnome | librsvg | 2.15.0 |
| gnome | librsvg | 2.26.3 |
| gnome | librsvg | 2.31.0 |
evince is missing a check on number of pages which can lead to a segmentation fault
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| gnome | evince | 3.9.2 |
| opensuse | opensuse | 13.1 |
| gnome | evince | 3.8.2 |
| redhat | enterprise_linux | 5.0 |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 6.0 |
| gnome | evolution_data_server | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| gnome | evolution | * |
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 2.18.3 |
| gnome | gnome_display_manager | 2.14.3 |
| gnome | gnome_display_manager | 2.18.1 |
| gnome | gnome_display_manager | 2.16.1 |
| gnome | gnome_display_manager | 2.20.8 |
| gnome | gnome_display_manager | 2.13 |
| gnome | gnome_display_manager | 2.14.6 |
| gnome | gnome_display_manager | 2.18 |
| gnome | gnome_display_manager | 2.19.2 |
| gnome | gnome_display_manager | 2.20.10 |
| gnome | gnome_display_manager | 2.19 |
| gnome | gnome_display_manager | 2.20.4 |
| gnome | gnome_display_manager | 2.14.8 |
| gnome | gnome_display_manager | 2.17 |
| gnome | gnome_display_manager | 2.14.11 |
| gnome | gnome_display_manager | 2.15 |
| gnome | gnome_display_manager | 2.20.9 |
| gnome | gnome_display_manager | 2.14.4 |
| gnome | gnome_display_manager | 2.16.2 |
| gnome | gnome_display_manager | 2.20.6 |
| gnome | gnome_display_manager | 2.20.7 |
| gnome | gnome_display_manager | 2.14 |
| gnome | gnome_display_manager | 2.14.2 |
| gnome | gnome_display_manager | 2.2 |
| gnome | gnome_display_manager | 1.0 |
| gnome | gnome_display_manager | 2.14.10 |
| gnome | gnome_display_manager | 2.20.5 |
| gnome | gnome_display_manager | 2.14.5 |
| gnome | gnome_display_manager | 2.19.3 |
| gnome | gnome_display_manager | 2.14.1 |
| gnome | gnome_display_manager | 2.20.0 |
| gnome | gnome_display_manager | * |
| gnome | gnome_display_manager | 2.19.4 |
| gnome | gnome_display_manager | 2.14.9 |
| gnome | gnome_display_manager | 2.18.2 |
| gnome | gnome_display_manager | 2.20.3 |
| gnome | gnome_display_manager | 0.7 |
| gnome | gnome_display_manager | 2.0 |
| gnome | gnome_display_manager | 2.14.12 |
| gnome | gnome_display_manager | 2.20.1 |
| gnome | gnome_display_manager | 2.20.2 |
| gnome | gnome_display_manager | 2.19.1 |
| gnome | gnome_display_manager | 2.14.7 |
| gnome | gnome_display_manager | 2.16 |
Orca has arbitrary code execution due to insecure Python module load
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | orca | - |
| debian | debian_linux | 9.0 |
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnumeric | 1.12.7 |
| gnome | gnumeric | 1.12.0 |
| gnome | gnumeric | 1.12.6 |
| gnome | gnumeric | 1.12.2 |
| gnome | gnumeric | 1.12.4 |
| gnome | gnumeric | 1.12.3 |
| gnome | gnumeric | 1.12.1 |
| gnome | gnumeric | 1.12.5 |
| gnome | gnumeric | * |
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 3.1.4 |
| gnome | gnome-shell | 3.7.3 |
| gnome | gnome-shell | 3.7.2 |
| gnome | gnome-shell | 3.6.2 |
| gnome | gnome-shell | 3.3.2 |
| gnome | gnome-shell | 3.4.2 |
| gnome | gnome-shell | 3.6.3 |
| gnome | gnome-shell | 3.7.2.1 |
| gnome | gnome-shell | 3.1.3 |
| gnome | gnome-shell | 3.5.3 |
| gnome | gnome-shell | 3.5.4 |
| gnome | gnome-shell | * |
| gnome | gnome-shell | 3.3.91 |
| gnome | gnome-shell | 3.1.91 |
| gnome | gnome-shell | 3.3.5 |
| gnome | gnome-shell | 3.0.0.2 |
| gnome | gnome-shell | 3.7.4 |
| gnome | gnome-shell | 3.7.5 |
| gnome | gnome-shell | 3.6.3.1 |
| gnome | gnome-shell | 3.7.91 |
| gnome | gnome-shell | 3.4.1 |
| gnome | gnome-shell | 3.0.1 |
| gnome | gnome-shell | 3.3.92 |
| gnome | gnome-shell | 3.4.0 |
| gnome | gnome-shell | 3.0.0 |
| gnome | gnome-shell | 3.6.1 |
| gnome | gnome-shell | 3.0.0.1 |
| gnome | gnome-shell | 3.5.2 |
| gnome | gnome-shell | 3.5.92 |
| gnome | gnome-shell | 3.1.91.1 |
| gnome | gnome-shell | 3.6.0 |
| gnome | gnome-shell | 3.0.2 |
| gnome | gnome-shell | 3.7.4.1 |
| gnome | gnome-shell | 3.1.90.1 |
| gnome | gnome-shell | 3.5.90 |
| gnome | gnome-shell | 3.3.90 |
| gnome | gnome-shell | 3.2.2.1 |
| gnome | gnome-shell | 3.2.1 |
| gnome | gnome-shell | 3.1.90 |
| gnome | gnome-shell | 3.2.0 |
| gnome | gnome-shell | 3.3.3 |
| gnome | gnome-shell | 3.2.2 |
| gnome | gnome-shell | 3.7.3.1 |
| gnome | gnome-shell | 3.7.1 |
| gnome | gnome-shell | 3.1.92 |
| gnome | gnome-shell | 3.5.91 |
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 3.1.4 |
| gnome | gnome-shell | 3.9.3 |
| gnome | gnome-shell | 3.9.1 |
| gnome | gnome-shell | 3.8.0.1 |
| gnome | gnome-shell | 3.6.2 |
| gnome | gnome-shell | 3.3.2 |
| gnome | gnome-shell | 3.7.2.1 |
| gnome | gnome-shell | 3.5.3 |
| gnome | gnome-shell | 3.5.4 |
| gnome | gnome-shell | * |
| gnome | gnome-shell | 3.7.5 |
| gnome | gnome-shell | 3.6.3.1 |
| gnome | gnome-shell | 3.4.1 |
| gnome | gnome-shell | 3.9.90 |
| gnome | gnome-shell | 3.4.0 |
| gnome | gnome-shell | 3.0.0 |
| gnome | gnome-shell | 3.6.1 |
| gnome | gnome-shell | 3.5.92 |
| gnome | gnome-shell | 3.6.0 |
| gnome | gnome-shell | 3.7.4.1 |
| gnome | gnome-shell | 3.1.90.1 |
| gnome | gnome-shell | 3.8.1 |
| gnome | gnome-shell | 3.2.2.1 |
| gnome | gnome-shell | 3.2.1 |
| gnome | gnome-shell | 3.2.0 |
| gnome | gnome-shell | 3.3.3 |
| gnome | gnome-shell | 3.2.2 |
| gnome | gnome-shell | 3.7.3.1 |
| gnome | gnome-shell | 3.5.91 |
| gnome | gnome-shell | 3.7.3 |
| gnome | gnome-shell | 3.7.2 |
| gnome | gnome-shell | 3.8.4 |
| gnome | gnome-shell | 3.4.2 |
| gnome | gnome-shell | 3.6.3 |
| gnome | gnome-shell | 3.1.3 |
| gnome | gnome-shell | 3.3.91 |
| gnome | gnome-shell | 3.1.91 |
| gnome | gnome-shell | 3.3.5 |
| gnome | gnome-shell | 3.0.0.2 |
| gnome | gnome-shell | 3.7.4 |
| gnome | gnome-shell | 3.9.91 |
| gnome | gnome-shell | 3.9.5 |
| gnome | gnome-shell | 3.7.91 |
| gnome | gnome-shell | 3.7.92 |
| gnome | gnome-shell | 3.9.4 |
| gnome | gnome-shell | 3.0.1 |
| gnome | gnome-shell | 3.3.92 |
| gnome | gnome-shell | 3.0.0.1 |
| gnome | gnome-shell | 3.5.2 |
| gnome | gnome-shell | 3.1.91.1 |
| gnome | gnome-shell | 3.8.3 |
| gnome | gnome-shell | 3.0.2 |
| gnome | gnome-shell | 3.5.90 |
| gnome | gnome-shell | 3.3.90 |
| gnome | gnome-shell | 3.8.2 |
| gnome | gnome-shell | 3.1.90 |
| gnome | gnome-shell | 3.9.2 |
| gnome | gnome-shell | 3.7.1 |
| gnome | gnome-shell | 3.1.92 |
| gnome | gnome-shell | 3.8.0 |
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 3.0.4 |
| gnome | gnome_display_manager | 3.1.90 |
| gnome | gnome_display_manager | 3.1.91 |
| gnome | gnome_display_manager | 3.2.0 |
| gnome | gnome_display_manager | 3.4.0 |
| gnome | gnome_display_manager | 3.0.0 |
| gnome | gnome_display_manager | 3.2.1.1 |
| gnome | gnome_display_manager | 3.1.92 |
| gnome | gnome_display_manager | * |
| gnome | gnome_display_manager | 3.0.3 |
| gnome | gnome_display_manager | 3.2.1 |
| gnome | gnome_display_manager | 3.3.92.1 |
| gnome | gnome_display_manager | 3.1.2 |
| gnome | gnome_display_manager | 3.0.2 |
| gnome | gnome_display_manager | 3.3.92 |
| gnome | gnome_display_manager | 3.4.0.1 |
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu | 14.04 |
| gnome | gtk | * |
| linuxmint | linux_mint | 17.0 |
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 3.14.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_hpc_node | 7.0 |
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | vala | 0.26.0 |
| opensuse | opensuse | 13.2 |
| gnome | vala | 0.26.1 |
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_real_time_extension | 11 |
| suse | linux_enterprise_software_development_kit | 12 |
| gnome | networkmanager | * |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | linux_enterprise_workstation_extension | 12 |
| suse | linux_enterprise_debuginfo | 11 |
| canonical | ubuntu_linux | 12.04 |
| oracle | linux | 7 |
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_server | 12 |
| suse | linux_enterprise_desktop | 12 |
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.1 |
| gnome | gcab | 0.4 |
| opensuse | opensuse | 13.2 |
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librest | 0.7.92 |
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | byzanz | * |
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| oracle | solaris | 10 |
| oracle | solaris | 11.3 |
| gnome | gdk-pixbuf | * |
| opensuse | opensuse | 13.1 |
| canonical | ubuntu_linux | 14.04 |
| fedoraproject | fedora | 22 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 21 |
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| gnome | gnome_display_manager | * |
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | * |
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | librsvg | * |
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | * |
| opensuse | opensuse | 13.2 |
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| gnome | gdk-pixbuf | * |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.2 |
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | gdk-pixbuf | * |
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.4 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 0.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| gnome | gnome_display_manager | 3.14.2 |
| redhat | enterprise_linux | 7.0 |
| opensuse | leap | 42.2 |
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| gnome | shotwell | 0.22.0 |
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| gnome | evolution | * |
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgrss | * |
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| opensuse | leap | 42.1 |
| gnome | librsvg | * |
| opensuse | opensuse | 13.2 |
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | 2.40.2 |
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 16.04 |
| gnome | gdk-pixbuf | * |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.2 |
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | eye_of_gnome | 3.19.1 |
| gnome | eye_of_gnome | 3.17.91 |
| gnome | eye_of_gnome | 3.19.2 |
| gnome | eye_of_gnome | 3.18.2 |
| fedoraproject | fedora | 24 |
| gnome | eye_of_gnome | 3.20.2 |
| gnome | eye_of_gnome | 3.19.92 |
| gnome | eye_of_gnome | 3.17.1 |
| gnome | eye_of_gnome | 3.20.0 |
| gnome | eye_of_gnome | 3.19.3 |
| gnome | eye_of_gnome | 3.20.3 |
| gnome | eye_of_gnome | 3.17.3 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| gnome | eye_of_gnome | 3.16.5 |
| gnome | eye_of_gnome | 3.19.91 |
| fedoraproject | fedora | 23 |
| gnome | eye_of_gnome | 3.17.90 |
| gnome | eye_of_gnome | 3.19.90 |
| gnome | eye_of_gnome | 3.17.2 |
| opensuse | opensuse | 13.2 |
| gnome | eye_of_gnome | 3.17.92 |
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 16.04 |
| gnome | eye_of_gnome | 3.19.4 |
| gnome | eye_of_gnome | 3.18.0 |
| gnome | eye_of_gnome | 3.20.1 |
| gnome | eye_of_gnome | 3.18.1 |
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgsf | * |
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | shotwell | * |
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | epiphany | 3.20.2 |
| gnome | epiphany | 3.22.1 |
| gnome | epiphany | 3.22.4 |
| gnome | epiphany | 3.20.6 |
| gnome | epiphany | 3.23.4 |
| gnome | epiphany | 3.22.2 |
| gnome | epiphany | 3.23.1 |
| gnome | epiphany | 3.20.4 |
| gnome | epiphany | 3.20.3 |
| gnome | epiphany | 3.18.3 |
| gnome | epiphany | 3.20.5 |
| gnome | epiphany | 3.20.1 |
| gnome | epiphany | 3.18.7 |
| gnome | epiphany | 3.22.3 |
| gnome | epiphany | 3.23.2.1 |
| gnome | epiphany | 3.23.1.2 |
| gnome | epiphany | 3.18.8 |
| gnome | epiphany | 3.18.5 |
| gnome | epiphany | 3.23.1.1 |
| gnome | epiphany | 3.23.3 |
| gnome | epiphany | 3.18.4 |
| gnome | epiphany | 3.18.2 |
| gnome | epiphany | 3.18.1 |
| gnome | epiphany | 3.23.2 |
| gnome | epiphany | 3.18.10 |
| gnome | epiphany | 3.20.0 |
| gnome | epiphany | 3.18.0 |
| gnome | epiphany | 3.18.9 |
| gnome | epiphany | 3.18.6 |
| gnome | epiphany | 3.22.5 |
| gnome | epiphany | 3.22.0 |
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk-vnc | 0.4.2 |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 7.4 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| gnome | evince | * |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.4 |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evince | * |
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| gnome | gdk-pixbuf | * |
| canonical | ubuntu_linux | 14.04 |
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-session | * |
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | 2.40.17 |
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgxps | 0.2.5 |
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-592,CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 3.24.1 |
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | 2.32.2 |
| gnome | nautilus | 3.14.3 |
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gedit | * |
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| gnome | nautilus | * |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| postbox-inc | postbox | - |
| 9folders | nine | - |
| gnome | evolution | - |
| microsoft | outlook | 2010 |
| microsoft | outlook | 2016 |
| microsoft | outlook | 2007 |
| ibm | notes | - |
| flipdogsolutions | maildroid | - |
| r2mail2 | r2mail2 | - |
| apple | - | |
| gmail | - | |
| kde | kmail | - |
| microsoft | outlook | 2013 |
| mozilla | thunderbird | - |
| ritlabs | the_bat | - |
| freron | mailmate | - |
| horde | horde_imp | - |
| kde | trojita | - |
| bloop | airmail | - |
| emclient | emclient | - |
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | gdk-pixbuf | 2.36.6 |
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | gdk-pixbuf | 2.36.6 |
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| gnome | libsoup | 2.58 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-118,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk-vnc | * |
| fedoraproject | fedora | 25 |
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gtk-vnc | * |
| fedoraproject | fedora | 25 |
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| gnome | gdk-pixbuf | * |
| fedoraproject | fedora | 31 |
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| gnome | gdk-pixbuf | * |
| fedoraproject | fedora | 31 |
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| gnome | gdk-pixbuf | * |
| fedoraproject | fedora | 31 |
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| gnome | gdk-pixbuf | * |
| fedoraproject | fedora | 31 |
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libcroco | 0.6.12 |
| gnome | libcroco | 0.6.11 |
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libcroco | 0.6.12 |
| gnome | libcroco | 0.6.11 |
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 3.22.2 |
| gnome | gnome-shell | 3.24.1 |
| gnome | gnome-shell | 3.23.2 |
| gnome | gnome-shell | 3.22.1 |
| gnome | gnome-shell | 3.22.3 |
| gnome | gnome-shell | 3.23.1 |
| gnome | gnome-shell | 3.23.91 |
| gnome | gnome-shell | 3.23.92 |
| gnome | gnome-shell | 3.23.90 |
| gnome | gnome-shell | 3.23.3 |
| gnome | gnome-shell | 3.24.0 |
| gnome | gnome-shell | 3.22.0 |
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| gnome | libcroco | 0.6.12 |
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| gnome | libcroco | 0.6.12 |
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| gnome | librsvg | * |
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnome | networkmanager | * |
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | ansible_tower | 3.3 |
| opensuse | leap | 15.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| gnome | libgxps | * |
| redhat | enterprise_linux_desktop | 7.0 |
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | ansible_tower | 3.3 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| gnome | libgxps | * |
| redhat | enterprise_linux_desktop | 7.0 |
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| gnome | network_manager_vpnc | * |
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | epiphany | * |
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| webkitgtk | webkitgtk+ | * |
| gnome | libsoup | * |
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | epiphany | * |
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | * |
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | 2.63.2 |
| opensuse | leap | 15.0 |
| redhat | openshift_container_platform | 3.11 |
| debian | debian_linux | 8.0 |
| redhat | ansible_tower | 3.3 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | * |
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| gnome | pango | * |
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | evolution | * |
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| gnome | glib | 2.56.1 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| gnome | glib | 2.56.1 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| gnome | gthumb | * |
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-keyring | * |
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| gnome | gnome_keyring | * |
| canonical | ubuntu_linux | 14.04 |
| oracle | zfs_storage_appliance_kit | 8.8 |
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | - |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.6 |
| gnome | gcab | * |
| redhat | enterprise_linux_server_tus | 7.6 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.4 |
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| gnome | evince | 3.26.0 |
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.1 |
| redhat | enterprise_linux_server_tus | 7.7 |
| fedoraproject | fedora | 29 |
| redhat | enterprise_linux_eus | 8.1 |
| oracle | sd-wan_edge | 8.2 |
| redhat | enterprise_linux_eus | 7.4 |
| oracle | sd-wan_edge | 7.3 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 7.7 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_eus | 8.4 |
| oracle | sd-wan_edge | 8.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_eus | 8.2 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | openshift_container_platform | 3.11 |
| oracle | sd-wan_edge | 8.1 |
| gnome | pango | * |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 8.4 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| opensuse | leap | 15.0 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 29 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| gnome | evince | * |
| canonical | ubuntu_linux | 18.10 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.4 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.4 |
| opensuse | leap | 15.1 |
| redhat | enterprise_linux_eus | 8.2 |
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-desktop | 3.26.0 |
| gnome | gnome-desktop | * |
| gnome | gnome-desktop | 3.28.0 |
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | nautilus | * |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | 2.1 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| gnome | gvfs | * |
| fedoraproject | fedora | 29 |
| canonical | ubuntu_linux | 18.10 |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gvfs | * |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| gnome | gvfs | * |
| fedoraproject | fedora | 29 |
| canonical | ubuntu_linux | 18.10 |
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 8.4 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| opensuse | leap | 15.0 |
| redhat | enterprise_linux | 8.0 |
| gnome | glib | * |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_server_aus | 8.2 |
| canonical | ubuntu_linux | 18.10 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.4 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_eus | 8.4 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_eus | 8.2 |
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gvfs | * |
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| gnome | file-roller | * |
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | * |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-font-viewer | 3.34.0 |
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |
| gnome | dia | * |
| fedoraproject | fedora | 33 |
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnome | gthumb | * |
| linuxmint | pix | * |
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| canonical | ubuntu_linux | 18.04 |
| gnome | librsvg | * |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.1 |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 31 |
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gvariant_database | * |
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 0.9 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-285,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| gnome | gnome-shell | * |
| canonical | ubuntu_linux | 18.10 |
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | * |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 18.10 |
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-863,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gvfs | * |
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,CWE-296,CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| gnome | evolution-ews | * |
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| fedoraproject | fedora | 28 |
| fedoraproject | fedora | 30 |
| wpewebkit | wpe_webkit | * |
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.0 |
| fedoraproject | fedora | 29 |
| gnome | epiphany | * |
| webkitgtk | webkitgtk | * |
| canonical | ubuntu_linux | 18.10 |
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | 2.59.2 |
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 31 |
| gnome | networkmanager | * |
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L | 1.3 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| gnome | file-roller | * |
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | * |
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H | 2.8 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libcroco | * |
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| netapp | cloud_backup | - |
| canonical | ubuntu_linux | 19.10 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 20.04 |
| gnome | balsa | 2.6.0 |
| fedoraproject | fedora | 31 |
| gnome | glib-networking | * |
| gnome | balsa | * |
| broadcom | fabric_operating_system | - |
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | control_center | - |
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 20.04 |
| fedoraproject | fedora | 31 |
| gnome | evolution-data-server | * |
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnome | evolution-data-server | * |
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| gnome | balsa | * |
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 7.2 | HIGH | CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 0.5 | 6.0 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | * |
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 0.7 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.2 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 20.04 |
| gnome | gnome-shell | * |
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 31 |
| gnome | geary | * |
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | * |
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | * |
| canonical | ubuntu_linux | 20.04 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
| canonical | ubuntu_linux | 20.10 |
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-autoar | * |
| fedoraproject | fedora | 34 |
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L | 1.3 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | file-roller | * |
| fedoraproject | fedora | 34 |
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gthumb | * |
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glade | * |
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| gnome | glib | * |
| fedoraproject | fedora | 31 |
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdk-pixbuf | * |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| gnome | networkmanager | * |
| fedoraproject | fedora | 33 |
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
CVSS 2.0
Severity: LOW
Problem Type: CWE-667,CWE-667,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | * |
| centos | stream | 8 |
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| gnome | glib | * |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | e-series_performance_analyzer | - |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| gnome | glib | * |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | e-series_performance_analyzer | - |
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| gnome | glib | * |
| broadcom | brocade_fabric_operating_system_firmware | - |
| fedoraproject | fedora | 33 |
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-autoar | * |
| fedoraproject | fedora | 34 |
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | * |
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gupnp | * |
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | caribou | * |
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| gnome | glib | * |
| netapp | active_iq_unified_manager | - |
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
| gnome | libgfbgraph | * |
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| gnome | libgda | * |
| fedoraproject | fedora | 34 |
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| gnome | libzapojit | * |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 33 |
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | evolution-rss | * |
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | grilo | * |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 11.0 |
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
CVSS 2.0
Severity: LOW
Problem Type: CWE-273,CWE-273,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | - |
There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | anjuta | 2.0.0 |
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| gnome | gdkpixbuf | 2.42.6 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 34 |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| gnome | epiphany | * |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| gnome | epiphany | * |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| gnome | epiphany | * |
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| gnome | epiphany | * |
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| gnome | gdk-pixbuf | * |
| debian | debian_linux | 11.0 |
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-remote-desktop | 42.1.1 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| gnome | gnome-remote-desktop | 42.1.1-1 |
| canonical | ubuntu_linux | 22.04 |
| gnome | gnome-remote-desktop | 42.1.1-2 |
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | ocrfeeder | * |
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 36 |
| gnome | epiphany | * |
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | nautilus | 42.2 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | * |
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| gnome | epiphany | * |
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-time_tracker | 3.0.2 |
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | * |
| fedoraproject | fedora | 37 |
| debian | debian_linux | 12.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 38 |
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 42 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 38 |
| gnome | gnome-shell | * |
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| patrick@puiterwijk.org | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-maps | * |
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L | 1.6 | 5.3 |
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | tracker_miners | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 1.4 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 23.10 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 22.04 |
| canonical | ubuntu_linux | 23.04 |
| gnome | control_center | * |
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 40 |
| fedoraproject | fedora | 39 |
| gnome | glib | * |
| netapp | ontap_tools | 10 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| talos-cna@cisco.com | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgsf | 1.14.52 |
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| talos-cna@cisco.com | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgsf | 1.14.52 |
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | * |
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | * |
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | * |
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
| netapp | active_iq_unified_manager | - |
| debian | debian_linux | 11.0 |
| netapp | ontap_tools | 10 |
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | openshift_container_platform_for_ibm_z | 4.16 |
| redhat | enterprise_linux_server_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | openshift_container_platform | 4.18 |
| redhat | codeready_linux_builder_for_arm64 | 10.0 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 10.0_ppc64le |
| redhat | enterprise_linux_for_x86_64_eus | 10.0 |
| redhat | enterprise_linux_for_power_little_endian | 9.6_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 9.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | openshift_container_platform_for_arm64 | 4.16 |
| redhat | ceph_storage | 8.0 |
| redhat | enterprise_linux_for_x86_64 | 8.8 |
| redhat | codeready_linux_builder_for_power_little_endian | 9.6_ppc64le |
| redhat | enterprise_linux_for_x86_64 | 9.0 |
| redhat | enterprise_linux_for_arm_64 | 10.0 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | openshift_container_platform_for_linuxone | 4.16 |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_server_aus | 9.6 |
| redhat | openshift_container_platform_for_power | 4.12 |
| redhat | enterprise_linux_for_power_little_endian | 10.0_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 9.6 |
| redhat | codeready_linux_builder_for_x86_64_eus | 10.0 |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le |
| redhat | codeready_linux_builder_for_x86_64 | 10.0 |
| redhat | openshift_container_platform | 4.17 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 10.0_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_server_aus | 9.4 |
| redhat | openshift_container_platform_for_power | 4.16 |
| redhat | openshift_container_platform_for_arm64 | 4.19 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.4_s390x |
| redhat | enterprise_linux_for_x86_64 | 9.4 |
| redhat | openshift_container_platform_for_ibm_z | 4.19 |
| redhat | discovery | 2.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 9.6_s390x |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4 |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian | 8.6_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2_s390x |
| redhat | openshift_container_platform_for_arm64 | 4.17 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.4_s390x |
| redhat | enterprise_linux_for_arm_64 | 8.0 |
| redhat | openshift_container_platform_for_arm64 | 4.12 |
| redhat | enterprise_linux_for_ibm_z_systems | 10.0_s390x |
| redhat | enterprise_linux_for_x86_64_eus | 8.6 |
| redhat | enterprise_linux_for_x86_64_eus | 8.8 |
| redhat | openshift_container_platform_for_linuxone | 4.12 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 10.0_s390x |
| redhat | enterprise_linux_for_arm_64 | 9.4 |
| gnome | glib | * |
| redhat | codeready_linux_builder_for_arm64_eus | 10.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | codeready_linux_builder_for_x86_64 | 9.4 |
| redhat | openshift_container_platform_for_ibm_z | 4.18 |
| redhat | enterprise_linux_server_for_power_little_endian | 9.6_ppc64le |
| redhat | codeready_linux_builder_for_x86_64 | 9.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | codeready_linux_builder_for_power_little_endian | 10.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian | 10.0_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 9.2 |
| redhat | openshift_container_platform_for_power | 4.18 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_for_arm_64_eus | 10.0 |
| redhat | openshift_container_platform_for_power | 4.19 |
| redhat | openshift_container_platform | 4.12 |
| redhat | codeready_linux_builder_for_x86_64 | 8.0 |
| redhat | openshift_container_platform_for_linuxone | 4.18 |
| redhat | codeready_linux_builder_for_x86_64 | 9.0 |
| redhat | enterprise_linux_for_x86_64_eus | 8.4 |
| redhat | codeready_linux_builder_for_arm64 | 8.0 |
| redhat | openshift_container_platform_for_ibm_z | 4.17 |
| redhat | enterprise_linux_for_x86_64 | 10.0 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x |
| redhat | openshift_container_platform | 4.19 |
| redhat | openshift_container_platform | 4.16 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 10.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_power_little_endian | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_arm64 | 9.6 |
| redhat | openshift_container_platform_for_linuxone | 4.19 |
| redhat | codeready_linux_builder | 9.0 |
| redhat | openshift_container_platform_for_power | 4.17 |
| redhat | enterprise_linux_for_x86_64 | 8.0 |
| redhat | openshift_container_platform_for_ibm_z | 4.12 |
| redhat | openshift_container_platform_for_arm64 | 4.18 |
| redhat | openshift_container_platform_for_linuxone | 4.17 |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.6_s390x |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 10.0_s390x |
| redhat | enterprise_linux_server_for_power_little_endian | 8.8_ppc64le |
| redhat | enterprise_linux_for_x86_64 | 9.2 |
| redhat | enterprise_linux_for_x86_64_eus | 9.6 |
| redhat | enterprise_linux_for_x86_64 | 8.6 |
| redhat | enterprise_linux_for_x86_64_eus | 9.4 |
| redhat | enterprise_linux_for_x86_64 | 9.6 |
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.2 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| gnome | glib | * |
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | openshift | 4.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| gnome | glib | * |
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 2.2 | 4.7 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 10.0_s390x |
| redhat | enterprise_linux_eus | 9.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 10.0_aarch64 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 10.0_ppc64le |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.6 |
| redhat | enterprise_linux_for_arm_64_eus | 8.8_aarch64 |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | codeready_linux_builder_for_power_little_endian | 10.0_ppc64le |
| redhat | enterprise_linux_eus | 10.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_for_arm_64_eus | 10.0_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 |
| redhat | codeready_linux_builder | 10.0 |
| redhat | codeready_linux_builder_for_arm64 | 10.0_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 |
| redhat | enterprise_linux_server_aus | 9.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_for_power_little_endian | 10.0_ppc64le |
| gnome | libsoup | * |
| redhat | codeready_linux_builder_for_ibm_z_systems | 10.0_s390x |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_server_aus | 9.4 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 10.0_ppc64le |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | enterprise_linux_eus | 9.6 |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0_ppc64le |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.6_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 10.0_s390x |
| redhat | enterprise_linux_for_arm_64 | 10.0_aarch64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems | 10.0_s390x |
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N | 2.8 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_eus | 9.4 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.6_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | codeready_linux_builder_for_eus | 9.2 |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 8.8_ppc64le |
| redhat | codeready_linux_builder_for_arm64_eus | 9.6_aarch64 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
| redhat | codeready_linux_builder | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x |
| redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_tus | 8.6 |
| debian | debian_linux | 11.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 |
| redhat | enterprise_linux_server_aus | 9.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.4_ppc64le |
| redhat | enterprise_linux_for_arm_64 | 9.2_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 8.8_aarch64 |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.6_ppc64le |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_server_aus | 9.4 |
| redhat | codeready_linux_builder_for_eus | 9.4 |
| redhat | enterprise_linux_for_arm_64 | 8.8_aarch64 |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_for_arm_64_eus | 9.6_aarch64 |
| redhat | enterprise_linux_eus | 9.6 |
| redhat | codeready_linux_builder_for_eus | 8.8 |
| redhat | codeready_linux_builder | 9.0 |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.4_s390x |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 8.8_s390x |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.6_s390x |
| gnome | yelp | 42.2-8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 |
| redhat | enterprise_linux_for_arm_64 | 8.0 |
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libgepub | - |
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | gdkpixbuf | 2.0.0 |
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.9 | LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.5 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.9 | LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.5 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 3.9 | LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.5 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N | 1.6 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | libsoup | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |