MidnightBSD

Advisories for gnome

CVE-1999-0990 LOW

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdm 2.0_beta4
CVE-1999-1477 HIGH

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gnome_libs 1.0.8
mandrakesoft mandrake_linux 6.0
CVE-2000-0491 HIGH

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 6.2
caldera openlinux *
gnome gdm 1.0
suse suse_linux 6.4
CVE-2000-0504 MEDIUM

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open_group x 11.0r6
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.3
gnome gdm 1.0
gnome gdm 1.1
xfree86_project x11r6 3.3.6
open_group x 11.0r6.2
xfree86_project x11r6 3.3.5
open_group x 11.0r5
open_group x 11.0r6.4
open_group x 11.0r6.1
xfree86_project x11r6 4.0
open_group x 11.0r6.3
CVE-2000-0864 MEDIUM

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnome esound 0.2.19
CVE-2000-0948 HIGH

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gnorpm *
CVE-2001-0084 HIGH

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gtk 1.2.8
CVE-2001-0927 HIGH

Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome libgtop_daemon 1.0.12
gnome libgtop_daemon 1.0.9
gnome libgtop_daemon 1.0.7
gnome libgtop_daemon 1.0.6
CVE-2001-0928 HIGH

Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome libgtop_daemon 1.0.12
gnome libgtop_daemon 1.0.9
gnome libgtop_daemon 1.0.7
gnome libgtop_daemon 1.0.13
gnome libgtop_daemon 1.0.6
CVE-2002-1814 MEDIUM

Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.2
gnome bonobo *
mandrakesoft mandrake_linux 7.1
slackware slackware_linux 8.0
mandrakesoft mandrake_linux 9.0
mandrakesoft mandrake_linux 8.0
redhat linux 7.0
redhat linux 7.1
CVE-2003-0070 MEDIUM

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nalin_dahyabhai vte 0.11.21
nalin_dahyabhai vte 0.22.5
nalin_dahyabhai vte 0.12.2
nalin_dahyabhai vte 0.16.14
nalin_dahyabhai vte 0.20.5
nalin_dahyabhai vte 0.25.1
gnome gnome-terminal 2.2
nalin_dahyabhai vte 0.14.2
gnome gnome-terminal 2.0
nalin_dahyabhai vte 0.24.3
nalin_dahyabhai vte 0.17.4
nalin_dahyabhai vte 0.15.0
CVE-2003-0080 HIGH

The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gnome-lokkit 0.50_21
CVE-2003-0133 MEDIUM

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gtkhtml 1.1.10
gnome gtkhtml 1.1.9
CVE-2003-0165 MEDIUM

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome eog 1.0.2
gnome eog 1.0.0
gnome eog 1.0.1
gnome eog 2.2.0
gnome eog 1.1.4
gnome eog 1.0.4
gnome eog 1.1.3
gnome eog 1.0.3
gnome eog 1.1.1
gnome eog 1.1.2
CVE-2003-0407 HIGH

Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome batalla_naval 1.0_4
CVE-2003-0541 MEDIUM

gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gtkhtml *
CVE-2003-0547 LOW

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat kdebase 2.4.0.7.13
gnome gdm 2.4.1.6
redhat kdebase 2.4.1.3.5
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.1
gnome gdm 2.4.1.4
gnome gdm 2.4.1
gnome gdm 2.4.1.5
CVE-2003-0548 MEDIUM

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
redhat kdebase 2.0_beta2.45
redhat linux_advanced_workstation 2.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.4
gnome gdm 2.4.1
gnome gdm 2.4.1.5
redhat kdebase 2.4.0.7.13
gnome gdm 2.4.1.6
redhat kdebase 2.2.3.1.22
redhat kdebase 2.4.1.3.5
gnome gdm 2.4.1.2
redhat kdebase 2.2.3.1.20
gnome gdm 2.4.1.3
gnome gdm 2.2.0
CVE-2003-0549 MEDIUM

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
redhat kdebase 2.0_beta2.45
redhat linux_advanced_workstation 2.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.4
gnome gdm 2.4.1
gnome gdm 2.4.1.5
redhat kdebase 2.4.0.7.13
gnome gdm 2.4.1.6
redhat kdebase 2.2.3.1.22
redhat kdebase 2.4.1.3.5
gnome gdm 2.4.1.2
redhat kdebase 2.2.3.1.20
gnome gdm 2.4.1.3
gnome gdm 2.2.0
CVE-2003-0793 LOW

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdm 2.4.1.6
gnome gdm 2.2.5.4
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.4
gnome gdm 2.4.1.1
gnome gdm 2.4.1.4
gnome gdm 2.4.1
gnome gdm 2.4.1.5
CVE-2003-0794 LOW

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdm 2.4.1.6
gnome gdm 2.2.5.4
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.4
gnome gdm 2.4.1.1
gnome gdm 2.4.1.4
gnome gdm 2.4.1
gnome gdm 2.4.1.5
CVE-2004-0111 MEDIUM

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 3.0
redhat enterprise_linux 2.1
gnome gdkpixbuf 0.20
gnome gdkpixbuf 0.18
redhat linux_advanced_workstation 2.1
redhat gdk_pixbuf 0.18.0-7
sgi propack 2.3
sgi propack 2.4
CVE-2004-0753 MEDIUM

The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnome gdkpixbuf 0.17
gnome gdkpixbuf 0.22
gnome gdkpixbuf 0.20
gnome gdkpixbuf 0.18
gnome gtk *
CVE-2004-0782 HIGH

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdkpixbuf 0.17
gnome gtk 2.0.2
gnome gdkpixbuf 0.22
gnome gdkpixbuf 0.20
gnome gtk 2.0.6
gnome gdkpixbuf 0.18
gnome gtk 2.2.4
gnome gtk 2.2.3
gnome gtk 2.2.1
CVE-2004-0783 HIGH

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnome gdkpixbuf 0.17
gnome gtk 2.0.2
gnome gdkpixbuf 0.22
gnome gdkpixbuf 0.20
gnome gtk 2.0.6
gnome gdkpixbuf 0.18
gnome gtk 2.2.4
gnome gtk 2.2.3
gnome gtk 2.2.1
CVE-2004-0788 MEDIUM

Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnome gdkpixbuf 0.17
gnome gdkpixbuf 0.22
gnome gdkpixbuf 0.20
gnome gdkpixbuf 0.18
gnome gtk *
CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.0.4_8
suse suse_linux 8.1
xpdf xpdf 2.3
suse suse_linux 8.2
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.14
xpdf xpdf 1.0
kde koffice 1.3.2
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.3.1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.6
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.32a
kde koffice 1.3
easy_software_products cups 1.1.20
suse suse_linux 9.2
tetex tetex 2.0
xpdf xpdf 1.1
easy_software_products cups 1.1.13
tetex tetex 2.0.2
gentoo linux *
kde koffice 1.3_beta1
xpdf xpdf 2.0
kde kde 3.2
xpdf xpdf 0.93
redhat enterprise_linux 3.0
easy_software_products cups 1.1.15
kde koffice 1.3.1
easy_software_products cups 1.1.4_3
xpdf xpdf 0.90
kde kpdf 3.2
suse suse_linux 9.0
suse suse_linux 9.1
redhat enterprise_linux_desktop 3.0
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.10
easy_software_products cups 1.1.12
pdftohtml pdftohtml 0.34
tetex tetex 2.0.1
kde koffice 1.3_beta2
debian debian_linux 3.0
pdftohtml pdftohtml 0.33a
xpdf xpdf 3.0
kde kde 3.2.3
easy_software_products cups 1.1.7
easy_software_products cups 1.1.4_2
pdftohtml pdftohtml 0.35
easy_software_products cups 1.1.18
gnome gpdf 0.131
xpdf xpdf 2.1
xpdf xpdf 0.92
redhat enterprise_linux 2.1
suse suse_linux 8.0
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
gnome gpdf 0.112
redhat linux_advanced_workstation 2.1
kde kde 3.3
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
easy_software_products cups 1.0.4
kde kde 3.2.1
easy_software_products cups 1.1.19
pdftohtml pdftohtml 0.36
kde koffice 1.3.3
CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.0.4_8
suse suse_linux 8.1
xpdf xpdf 2.3
suse suse_linux 8.2
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.14
xpdf xpdf 1.0
kde koffice 1.3.2
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.3.1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.6
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.32a
kde koffice 1.3
easy_software_products cups 1.1.20
suse suse_linux 9.2
tetex tetex 2.0
xpdf xpdf 1.1
easy_software_products cups 1.1.13
tetex tetex 2.0.2
gentoo linux *
kde koffice 1.3_beta1
xpdf xpdf 2.0
kde kde 3.2
xpdf xpdf 0.93
redhat enterprise_linux 3.0
easy_software_products cups 1.1.15
kde koffice 1.3.1
easy_software_products cups 1.1.4_3
xpdf xpdf 0.90
kde kpdf 3.2
suse suse_linux 9.0
suse suse_linux 9.1
redhat enterprise_linux_desktop 3.0
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.10
easy_software_products cups 1.1.12
pdftohtml pdftohtml 0.34
tetex tetex 2.0.1
kde koffice 1.3_beta2
debian debian_linux 3.0
pdftohtml pdftohtml 0.33a
xpdf xpdf 3.0
kde kde 3.2.3
easy_software_products cups 1.1.7
easy_software_products cups 1.1.4_2
pdftohtml pdftohtml 0.35
easy_software_products cups 1.1.18
gnome gpdf 0.131
xpdf xpdf 2.1
xpdf xpdf 0.92
redhat enterprise_linux 2.1
suse suse_linux 8.0
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
gnome gpdf 0.112
redhat linux_advanced_workstation 2.1
kde kde 3.3
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
easy_software_products cups 1.0.4
kde kde 3.2.1
easy_software_products cups 1.1.19
pdftohtml pdftohtml 0.36
kde koffice 1.3.3
CVE-2005-0023 LOW

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome libvte4 *
gnome libzvt2 1.4.2.19
CVE-2005-0102 HIGH

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 3.0
gnome evolution *
CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
suse suse_linux 6.1
sgi propack 3.0
easy_software_products cups 1.1.19_rc5
xpdf xpdf 1.0
suse suse_linux 4.2
suse suse_linux 4.3
suse suse_linux 1.0
tetex tetex 1.0.6
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.3.1
easy_software_products cups 1.1.16
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.32a
kde koffice 1.3
easy_software_products cups 1.1.20
tetex tetex 2.0
easy_software_products cups 1.1.13
tetex tetex 2.0.2
kde koffice 1.3_beta1
xpdf xpdf 2.0
kde kde 3.2
xpdf xpdf 0.93
redhat enterprise_linux 3.0
kde koffice 1.3.1
xpdf xpdf 0.90
suse suse_linux 9.1
suse suse_linux 6.2
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.10
pdftohtml pdftohtml 0.34
tetex tetex 2.0.1
kde koffice 1.3_beta2
suse suse_linux 6.4
easy_software_products cups 1.1.7
pdftohtml pdftohtml 0.35
easy_software_products cups 1.1.18
xpdf xpdf 2.1
redhat enterprise_linux 2.1
suse suse_linux 4.4
gnome gpdf 0.112
redhat linux_advanced_workstation 2.1
kde kde 3.3
suse suse_linux 7.2
suse suse_linux 5.0
sgi advanced_linux_environment 3.0
easy_software_products cups 1.0.4
ascii ptex 3.1.4
suse suse_linux 4.0
easy_software_products cups 1.1.19
redhat fedora_core core_3.0
easy_software_products cups 1.1.4_5
suse suse_linux 2.0
easy_software_products cups 1.1.4
easy_software_products cups 1.0.4_8
suse suse_linux 8.1
xpdf xpdf 2.3
suse suse_linux 5.3
suse suse_linux 4.4.1
suse suse_linux 5.1
suse suse_linux 8.2
gnome gpdf 0.110
easy_software_products cups 1.1.14
kde koffice 1.3.2
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
suse suse_linux 6.0
easy_software_products cups 1.1.6
suse suse_linux 9.2
xpdf xpdf 1.1
suse suse_linux 7.0
gentoo linux *
mandrakesoft mandrake_linux_corporate_server 3.0
suse suse_linux 5.2
easy_software_products cups 1.1.15
easy_software_products cups 1.1.4_3
kde kpdf 3.2
suse suse_linux 9.0
redhat enterprise_linux_desktop 3.0
suse suse_linux 3.0
redhat fedora_core core_1.0
easy_software_products cups 1.1.12
debian debian_linux 3.0
pdftohtml pdftohtml 0.33a
suse suse_linux 7.3
cstex cstetex 2.0.2
xpdf xpdf 3.0
kde kde 3.2.3
suse suse_linux 7.1
easy_software_products cups 1.1.4_2
gnome gpdf 0.131
xpdf xpdf 0.92
suse suse_linux 6.3
suse suse_linux 8.0
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
redhat linux 9.0
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
kde kde 3.2.1
pdftohtml pdftohtml 0.36
kde koffice 1.3.3
CVE-2005-0238 MEDIUM

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera opera_browser *
mozilla mozilla *
omnigroup omniweb 5
mozilla camino 0.8.5
gnome epiphany *
CVE-2005-0372 MEDIUM

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnome gtk *
CVE-2005-0891 MEDIUM

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
gnome gtk *
CVE-2005-1686 LOW

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gedit 2.10.2
CVE-2005-2410 HIGH

Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome networkmanager *
CVE-2005-2549 HIGH

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution 2.3.5
gnome evolution 2.0
gnome evolution 2.3.2
gnome evolution 1.5
gnome evolution 2.2
gnome evolution 2.3.1
gnome evolution 2.1
gnome evolution 2.3.3
gnome evolution 2.3.4
gnome evolution 2.3.6.1
CVE-2005-2550 HIGH

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution 1.4
gnome evolution 2.3.5
gnome evolution 2.0
gnome evolution 2.3.2
gnome evolution 1.5
gnome evolution 2.2
gnome evolution 2.3.1
gnome evolution 2.1
gnome evolution 2.3.3
gnome evolution 2.3.4
gnome evolution 2.3.6.1
CVE-2005-2958 HIGH

Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome libgda2 *
CVE-2005-2975 HIGH

io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnome gdkpixbuf *
gnome gtk *
CVE-2005-2976 HIGH

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnome gdkpixbuf 0.22
gnome gtk *
CVE-2005-3186 HIGH

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdkpixbuf *
gtk gtk+ 2.4.0
CVE-2006-0040 MEDIUM

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution 2.4.2.1
CVE-2006-0528 MEDIUM

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution 2.3.5
gnome evolution 2.3.2
gnome evolution 2.3.6
gnome evolution 2.3.1
gnome evolution 2.3.3
gnome evolution 2.3.4
gnome evolution 2.3.6.1
gnome evolution 2.3.7
CVE-2006-0819 HIGH

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome dwarf_http_server 1.3.2
CVE-2006-0820 MEDIUM

Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome dwarf_http_server 1.3.2
CVE-2006-1057 LOW

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnome gdm 2.14
CVE-2006-1244 HIGH

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libextractor libextractor 0.3.6
xpdf xpdf 2.3
xpdf xpdf 3.0
xpdf xpdf 1.0
xpdf xpdf 3.0_pl3
gnome gpdf 2.8.2
libextractor libextractor 0.5
xpdf xpdf 0.91
xpdf xpdf 2.1
xpdf xpdf 0.92
xpdf xpdf 3.0.1
libextractor libextractor 0.3.9
xpdf xpdf 1.0a
xpdf xpdf 1.1
xpdf xpdf 2.0
libextractor libextractor 0.4
libextractor libextractor 0.3.7
libextractor libextractor 0.4.1
libextractor libextractor 0.4.2
libextractor libextractor 0.3.11
xpdf xpdf 0.93
xpdf xpdf 2.2
xpdf xpdf 3.0.1_pl1
xpdf xpdf 0.90
libextractor libextractor 0.3.8
debian debian_linux 3.1
xpdf xpdf 3.0_pl2
CVE-2006-1335 LOW

gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver *
CVE-2006-2452 LOW

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdm 2.14
gnome gdm 2.12
gnome gdm 2.15
gnome gdm 2.8
CVE-2006-2789 LOW

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution 2.3.5
gnome evolution 2.3.2
gnome evolution 2.3.6
gnome evolution 2.3.1
gnome evolution 2.3.3
gnome evolution 2.3.4
gnome evolution 2.3.6.1
gnome evolution 2.3.7
CVE-2006-3057 MEDIUM

Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome dhcdbd 1.12
gnome dhcdbd 1.10
CVE-2006-7240 HIGH

gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome power_manager 2.14.0
CVE-2008-3533 HIGH

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
gnome gnome 2.22
gnome yelp *
gnome gnome 2.20
CVE-2008-4316 MEDIUM

Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnome glib *
gnome glib 2.14.5
gnome glib 2.16.3
gnome glib 2.14.6
gnome glib 2.2.1
CVE-2008-7320 LOW

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
gnome seahorse *
CVE-2009-3289 MEDIUM

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
gnome glib 2.0
opensuse opensuse 11.0
opensuse opensuse 11.1
suse suse_linux_enterprise_server 11
CVE-2009-4641 HIGH

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver 2.28.0
CVE-2009-4642 HIGH

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver 2.26.1
CVE-2009-4997 HIGH

gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome power_manager 2.27.92
CVE-2010-0285 MEDIUM

gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver 2.28.3
gnome screensaver 2.27
gnome screensaver 2.28.0
gnome screensaver 2.22.2
gnome screensaver 2.14.3
CVE-2010-0409 HIGH

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome gmime 2.4.9
gnome gmime 2.4.5
gnome gmime 2.4.6
gnome gmime 2.4.12
gnome gmime 2.4.2
gnome gmime 2.4.4
gnome gmime 2.4.10
gnome gmime 2.4.3
gnome gmime 2.4.1
gnome gmime 2.4.0
gnome gmime 2.4.11
gnome gmime 2.4.7
gnome gmime 2.4.8
gnome gmime 2.4.13
CVE-2010-0414 HIGH

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver 2.20
gnome screensaver 2.28.0
gnome screensaver 2.20.0
gnome screensaver *
gnome screensaver 2.13
gnome screensaver 2.26.1
CVE-2010-0421 MEDIUM

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome pango *
CVE-2010-0422 MEDIUM

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome screensaver 2.28.2
gnome screensaver 2.28.1
gnome screensaver 2.28.0
CVE-2010-0732 MEDIUM

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gtk gtk+ *
gnome screensaver *
gnome gtk *
CVE-2010-3312 MEDIUM

Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome epiphany 2.28
gnome epiphany 2.29
CVE-2010-4000 MEDIUM

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome gnome-shell 2.31.5
CVE-2010-4005 MEDIUM

The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
gnome tomboy *
gnome tomboy 1.0.1
gnome tomboy 1.2.2
gnome tomboy 1.5.1
gnome tomboy 1.4.2
CVE-2010-4831 MEDIUM

Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
gnome gtk *
CVE-2010-4833 HIGH

Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
gnome gtk *
CVE-2011-0020 HIGH

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pango pango 1.5
pango pango 1.21
pango pango 1.26
pango pango 1.3
pango pango 1.15
pango pango 0.21
pango pango 1.8
pango pango 1.25
pango pango 0.23
pango pango 1.24
gnome pango 1.28.2
pango pango 1.18
pango pango 1.11
pango pango 0.20
pango pango 1.7
pango pango 1.4
pango pango 1.2
pango pango 1.12
pango pango 0.22
pango pango 1.6
pango pango 1.23
pango pango 0.24
pango pango 1.16
pango pango 1.27
gnome pango *
pango pango 1.10
pango pango 1.20
pango pango 1.13
pango pango 1.19
pango pango 1.1
gnome pango 1.28.1
pango pango 1.0
pango pango 1.9
pango pango 0.26
gnome pango 1.28.0
pango pango 0.25
pango pango 1.14
pango pango 1.17
pango pango 1.22
CVE-2011-0064 MEDIUM

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome pango 1.28.3
mozilla firefox *
CVE-2011-0727 MEDIUM

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnome gdm 2.26
gnome gdm 2.2
gnome gdm 2.28
gnome gdm 2.30
gnome gdm 2.16
gnome gdm 2.22
gnome gdm 2.19
gnome gdm 2.17
gnome gdm 2.20
gnome gdm 2.4
gnome gdm 2.32
gnome gdm 2.14
gnome gdm 2.0
gnome gdm 2.13
gnome gdm 2.15
gnome gdm 2.21
gnome gdm 2.18
gnome gdm 2.27
gnome gdm 2.25
gnome gdm 2.31
gnome gdm 2.29
gnome gdm 2.6
gnome gdm 2.5
gnome gdm 2.24
gnome gdm 2.3
gnome gdm 2.23
gnome gdm 2.8
CVE-2011-1709 HIGH

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome gdm 2.26
gnome gdm 2.2
gnome gdm 2.28
gnome gdm 2.30
gnome gdm 2.16
gnome gdm 2.22
gnome gdm 2.19
gnome gdm 2.32.1
gnome gdm 1.0
gnome gdm 2.17
gnome gdm 2.20
gnome gdm 2.4
gnome gdm 2.32
gnome gdm 2.14
gnome gdm 2.0
gnome gdm 2.13
gnome gdm 2.15
gnome gdm 2.21
gnome gdm 2.18
gnome gdm 2.27
gnome gdm 2.25
gnome gdm 2.31
gnome gdm 2.29
gnome gdm 2.6
gnome gdm 2.5
gnome gdm 2.24
gnome gdm 2.3
gnome gdm 2.23
gnome gdm 2.8
CVE-2011-1943 LOW

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
fedoraproject fedora 15
gnome networkmanager *
CVE-2011-2176 LOW

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
gnome networkmanager 0.8.1
gnome networkmanager 0.5.1
gnome networkmanager 0.7.0
gnome networkmanager 0.3.0
gnome networkmanager 0.4.1
gnome networkmanager 0.7.1
gnome networkmanager 0.6.1
gnome networkmanager 0.6.6
gnome networkmanager 0.2.0
gnome networkmanager *
gnome networkmanager 0.3.1
gnome networkmanager 0.8.2
gnome networkmanager 0.6.0
gnome networkmanager 0.6.2
gnome networkmanager 0.7.2
gnome networkmanager 0.5.0
CVE-2011-2485 MEDIUM

The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gdk-pixbuf *
gnome gdk-pixbuf 2.22.1
CVE-2011-2524 MEDIUM

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gnome libsoup 2.2.91
gnome libsoup 2.2.0
gnome libsoup 2.3.0.1
gnome libsoup 2.2.94
gnome libsoup 2.4.1
gnome libsoup 2.28.1
gnome libsoup 2.27.4
gnome libsoup 2.29.91
gnome libsoup 2.25.2
gnome libsoup 2.3.4
gnome libsoup 2.24.0.1
gnome libsoup 2.28.0
gnome libsoup 2.2.1
gnome libsoup 2.25.91
gnome libsoup 2.23.1
gnome libsoup 2.27.1
gnome libsoup 2.33.4
gnome libsoup 2.2.93
gnome libsoup 2.32.1
gnome libsoup 2.2.5
gnome libsoup 2.32.2
gnome libsoup 2.23.6
gnome libsoup 2.2.2
gnome libsoup 2.2.4
gnome libsoup 2.34.1
gnome libsoup 2.23.91
gnome libsoup 2.25.3
gnome libsoup 2.26.1
gnome libsoup 2.29.5
gnome libsoup 2.27.5
gnome libsoup 2.30.1
gnome libsoup 2.2.100
gnome libsoup 2.33.92
gnome libsoup 2.23.92
gnome libsoup 2.3.2
gnome libsoup 2.2.104
gnome libsoup 2.27.92
gnome libsoup *
gnome libsoup 2.2
gnome libsoup 2.31.92
gnome libsoup 2.24.1
gnome libsoup 2.2.3
gnome libsoup 2.30.0
gnome libsoup 2.34.0
gnome libsoup 2.31.90
gnome libsoup 2.2.7
gnome libsoup 2.29.3
gnome libsoup 2.25.4
gnome libsoup 2.2.103
gnome libsoup 2.29.6
gnome libsoup 2.0
gnome libsoup 2.33.90
gnome libsoup 2.27.90
gnome libsoup 2.2.99
gnome libsoup 2.4.0
gnome libsoup 2.27.91
gnome libsoup 2.2.97
gnome libsoup 2.2.101
gnome libsoup 2.2.92
gnome libsoup 2.26.0
gnome libsoup 2.2.98
gnome libsoup 2.25.5
gnome libsoup 2.2.6
gnome libsoup 2.2.102
gnome libsoup 2.31.2
gnome libsoup 2.29.90
gnome libsoup 2.33.5
gnome libsoup 2.27.2
gnome libsoup 2.33.6
gnome libsoup 2.31.6
gnome libsoup 2.2.6.1
gnome libsoup 2.2.96
gnome libsoup 2.32.0
gnome libsoup 2.2.95.1
CVE-2011-3193 HIGH

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 5.0
opensuse opensuse 11.4
gnome pango *
canonical ubuntu_linux 11.04
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 4.0
qt qt *
opensuse opensuse 11.3
redhat enterprise_linux_workstation 4.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_eus 6.1
canonical ubuntu_linux 10.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_desktop 6.0
CVE-2011-3201 MEDIUM

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnome evolution 1.4
gnome evolution 1.4.6
gnome evolution 2.3.2
oracle solaris 11.2
redhat enterprise_linux_workstation 6.0
gnome evolution 1.2.4
gnome evolution 2.6
gnome evolution 2.3.5
gnome evolution 2.3.6
gnome evolution 2.32.3
gnome evolution 2.22.1
gnome evolution 1.4.4
gnome evolution 2.8.1
redhat enterprise_linux_desktop 6.0
gnome evolution 2.4
gnome evolution 1.2
gnome evolution 1.2.1
gnome evolution 1.5
gnome evolution 2.2
gnome evolution 2.0.2
gnome evolution 1.11
gnome evolution 2.3.4
gnome evolution 1.2.2
gnome evolution 2.30.3
gnome evolution 1.4.3
gnome evolution 2.0
gnome evolution 1.4.5
gnome evolution 2.4.2.1
gnome evolution 2.10.3
gnome evolution 2.24.5
gnome evolution 2.26.3
gnome evolution 2.2.1
gnome evolution 2.24
gnome evolution *
gnome evolution 2.3.3
redhat enterprise_linux_server 6.0
gnome evolution 2.3.1
gnome evolution 2.12
gnome evolution 2.0.0
gnome evolution 2.22.3
gnome evolution 1.0.8
gnome evolution 2.0.1
gnome evolution 2.28.3.1
gnome evolution 2.1
gnome evolution 2.3.7
gnome evolution 2.26.1
gnome evolution 1.2.3
gnome evolution 2.12.3
gnome evolution 2.3.6.1
CVE-2011-3364 MEDIUM

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome ifcfg-rh_plug-in *
CVE-2011-3635 MEDIUM

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnome empathy 2.91.4.2
gnome empathy 2.29.91
gnome empathy 0.14
gnome empathy 3.1.90.1
gnome empathy *
gnome empathy 2.91.1
gnome empathy 2.91.93
gnome empathy 2.29.91.1
gnome empathy 2.27.1.1
gnome empathy 2.33.1
gnome empathy 3.1.92
gnome empathy 0.9
gnome empathy 2.32.0
gnome empathy 0.11
gnome empathy 2.28.1.1
gnome empathy 2.30.1.1
gnome empathy 0.4
gnome empathy 0.22.1
gnome empathy 2.30.0
gnome empathy 0.23.4
gnome empathy 2.27.91.1
gnome empathy 2.25.3
gnome empathy 2.91.92
gnome empathy 2.25.90
gnome empathy 2.27.1
gnome empathy 2.29.2
gnome empathy 2.27.5
gnome empathy 2.31.3
gnome empathy 0.12
gnome empathy 0.21.2
gnome empathy 2.29.6
gnome empathy 2.91.2
gnome empathy 3.0.2
gnome empathy 2.31.1
gnome empathy 2.33.3
gnome empathy 3.1.90
gnome empathy 0.21.5.1
gnome empathy 0.21.5.2
gnome empathy 2.91.3.1
gnome empathy 2.28.1.2
gnome empathy 3.1.3
gnome empathy 2.26.2
gnome empathy 2.26.1
gnome empathy 2.91.4.3
gnome empathy 2.31.92
gnome empathy 2.32.2
gnome empathy 0.6
gnome empathy 2.23.90
gnome empathy 0.21.90
gnome empathy 3.0.0
gnome empathy 0.21.5
gnome empathy 2.27.2
gnome empathy 2.23.91
gnome empathy 0.1
gnome empathy 0.22.0
gnome empathy 2.26.0
gnome empathy 3.0.1
gnome empathy 2.91.3
gnome empathy 2.91.6
gnome empathy 3.1.5.1
gnome empathy 2.29.93
gnome empathy 2.33.4
gnome empathy 3.1.2
gnome empathy 2.91.4.1
gnome empathy 2.91.90.2
gnome empathy 2.30.3
gnome empathy 2.23.92
gnome empathy 2.25.91
gnome empathy 0.23.3
gnome empathy 0.21.91
gnome empathy 0.5
gnome empathy 2.25.92
gnome empathy 2.24.0
gnome empathy 2.91.5.1
gnome empathy 2.29.90
gnome empathy 2.27.4
gnome empathy 0.21.1
gnome empathy 2.31.2
gnome empathy 2.29.91.2
gnome empathy 2.30.0.2
gnome empathy 2.31.91
gnome empathy 2.28.0.1
gnome empathy 3.1.1
gnome empathy 2.29.3
gnome empathy 3.1.4
gnome empathy 2.30.0.1
gnome empathy 2.91.90.1
gnome empathy 0.21.3
gnome empathy 3.1.91
gnome empathy 2.31.90
gnome empathy 2.25.4
gnome empathy 2.29.5.1
gnome empathy 3.1.2.1
gnome empathy 2.29.92
gnome empathy 2.27.92
gnome empathy 0.2
gnome empathy 0.3
gnome empathy 2.31.4
gnome empathy 2.29.4
gnome empathy 0.7
gnome empathy 2.29.1
gnome empathy 0.21.4
gnome empathy 2.91.6.1
gnome empathy 2.91.5
gnome empathy 2.25.2
gnome empathy 2.31.5
gnome empathy 2.27.3
gnome empathy 3.2.0.1
gnome empathy 2.31.5.1
gnome empathy 2.28.0
gnome empathy 3.1.5
gnome empathy 2.28.2
gnome empathy 2.91.91.1
gnome empathy 2.26.0.1
gnome empathy 2.32.1
gnome empathy 0.23.1
gnome empathy 2.32.0.1
gnome empathy 2.33.2
gnome empathy 0.13
gnome empathy 2.91.90
gnome empathy 2.91.4
gnome empathy 2.31.6
gnome empathy 2.34.0
gnome empathy 2.28.1
gnome empathy 2.91.0
gnome empathy 2.29.5
gnome empathy 0.23.2
gnome empathy 2.24.1
gnome empathy 2.91.91
gnome empathy 2.30.1
gnome empathy 2.30.2
gnome empathy 0.8
gnome empathy 2.23.6
gnome empathy 2.27.91
CVE-2011-4170 MEDIUM

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gnome empathy 2.91.4.2
gnome empathy 2.29.91
gnome empathy 0.14
gnome empathy 3.1.90.1
gnome empathy *
gnome empathy 2.91.1
gnome empathy 2.91.93
gnome empathy 2.29.91.1
gnome empathy 2.27.1.1
gnome empathy 2.33.1
gnome empathy 3.1.92
gnome empathy 0.9
gnome empathy 2.32.0
gnome empathy 0.11
gnome empathy 2.28.1.1
gnome empathy 2.30.1.1
gnome empathy 0.4
gnome empathy 0.22.1
gnome empathy 2.30.0
gnome empathy 0.23.4
gnome empathy 2.27.91.1
gnome empathy 2.25.3
gnome empathy 2.91.92
gnome empathy 2.25.90
gnome empathy 2.27.1
gnome empathy 2.29.2
gnome empathy 2.27.5
gnome empathy 2.31.3
gnome empathy 0.12
gnome empathy 0.21.2
gnome empathy 2.29.6
gnome empathy 2.91.2
gnome empathy 3.0.2
gnome empathy 2.31.1
gnome empathy 2.33.3
gnome empathy 3.1.90
gnome empathy 0.21.5.1
gnome empathy 0.21.5.2
gnome empathy 2.91.3.1
gnome empathy 2.28.1.2
gnome empathy 3.1.3
gnome empathy 2.26.2
gnome empathy 2.26.1
gnome empathy 2.91.4.3
gnome empathy 2.31.92
gnome empathy 2.32.2
gnome empathy 0.6
gnome empathy 2.23.90
gnome empathy 0.21.90
gnome empathy 3.0.0
gnome empathy 0.21.5
gnome empathy 2.27.2
gnome empathy 2.23.91
gnome empathy 0.1
gnome empathy 0.22.0
gnome empathy 2.26.0
gnome empathy 3.0.1
gnome empathy 2.91.3
gnome empathy 2.91.6
gnome empathy 3.1.5.1
gnome empathy 2.29.93
gnome empathy 2.33.4
gnome empathy 3.1.2
gnome empathy 2.91.4.1
gnome empathy 2.91.90.2
gnome empathy 2.30.3
gnome empathy 2.23.92
gnome empathy 2.25.91
gnome empathy 0.23.3
gnome empathy 0.21.91
gnome empathy 0.5
gnome empathy 2.25.92
gnome empathy 2.24.0
gnome empathy 2.91.5.1
gnome empathy 2.29.90
gnome empathy 2.27.4
gnome empathy 0.21.1
gnome empathy 2.31.2
gnome empathy 2.29.91.2
gnome empathy 2.30.0.2
gnome empathy 2.31.91
gnome empathy 2.28.0.1
gnome empathy 3.1.1
gnome empathy 2.29.3
gnome empathy 3.1.4
gnome empathy 2.30.0.1
gnome empathy 2.91.90.1
gnome empathy 0.21.3
gnome empathy 3.1.91
gnome empathy 2.31.90
gnome empathy 2.25.4
gnome empathy 2.29.5.1
gnome empathy 3.1.2.1
gnome empathy 2.29.92
gnome empathy 2.27.92
gnome empathy 0.2
gnome empathy 0.3
gnome empathy 2.31.4
gnome empathy 2.29.4
gnome empathy 0.7
gnome empathy 2.29.1
gnome empathy 0.21.4
gnome empathy 2.91.6.1
gnome empathy 2.91.5
gnome empathy 2.25.2
gnome empathy 2.31.5
gnome empathy 2.27.3
gnome empathy 3.2.0.1
gnome empathy 2.31.5.1
gnome empathy 2.28.0
gnome empathy 3.1.5
gnome empathy 2.28.2
gnome empathy 2.91.91.1
gnome empathy 2.26.0.1
gnome empathy 2.32.1
gnome empathy 0.23.1
gnome empathy 2.32.0.1
gnome empathy 2.33.2
gnome empathy 0.13
gnome empathy 2.91.90
gnome empathy 2.91.4
gnome empathy 2.31.6
gnome empathy 2.34.0
gnome empathy 2.28.1
gnome empathy 2.91.0
gnome empathy 2.29.5
gnome empathy 0.23.2
gnome empathy 2.24.1
gnome empathy 2.91.91
gnome empathy 2.30.1
gnome empathy 2.30.2
gnome empathy 0.8
gnome empathy 2.23.6
gnome empathy 2.27.91
CVE-2012-0039 MEDIUM

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnome glib 2.21.2
gnome glib 2.21.5
gnome glib 2.7.5
gnome glib 2.14.4
gnome glib 1.2.1
gnome glib 2.15.4
gnome glib 2.3.3
gnome glib 2.10.2
gnome glib 2.20.1
gnome glib 2.14.5
gnome glib 2.22.3
gnome glib 2.8.6
gnome glib 2.30.2
gnome glib 2.4.0
gnome glib 2.5.2
gnome glib 1.3.14
gnome glib 2.4.1
gnome glib 2.27.5
gnome glib 2.8.0
gnome glib 2.28.3
gnome glib 2.0.2
gnome glib 2.17.4
gnome glib 2.25.17
gnome glib 2.19.9
gnome glib 2.29.14
gnome glib 2.25.10
gnome glib 2.6.6
gnome glib 2.1.1
gnome glib 2.16.2
gnome glib 2.19.2
gnome glib 2.25.2
gnome glib 2.29.92
gnome glib 1.3.9
gnome glib 2.24.1
gnome glib 2.6.0
gnome glib 2.3.1
gnome glib 2.16.1
gnome glib 2.25.6
gnome glib 2.0.1
gnome glib 1.1.12-1
gnome glib 2.3.0
gnome glib 2.25.13
gnome glib 2.27.90
gnome glib 2.3.2
gnome glib 2.15.6
gnome glib 2.22.2
gnome glib 2.0.3
gnome glib 2.13.0
gnome glib 2.27.0
gnome glib 2.29.2
gnome glib 2.25.4
gnome glib 2.18.3
gnome glib 2.5.1
gnome glib 2.25.3
gnome glib 2.12.4
gnome glib 2.17.1
gnome glib 1.1.12
gnome glib 2.16.0
gnome glib 2.25.8
gnome glib 2.29.8
gnome glib 2.24.0
gnome glib 2.17.5
gnome glib 2.3.4
gnome glib 2.1.5
gnome glib 2.25.11
gnome glib 2.0.7
gnome glib 1.2.7
gnome glib 2.13.1
gnome glib *
gnome glib 2.14.6
gnome glib 2.7.0
gnome glib 2.27.1
gnome glib 2.4.3
gnome glib 2.23.4
gnome glib 2.12.9
gnome glib 2.12.12
gnome glib 2.9.4
gnome glib 2.1.4
gnome glib 1.3.12
gnome glib 2.4.4
gnome glib 2.22.5
gnome glib 2.9.3
gnome glib 1.1.15
gnome glib 2.12.7
gnome glib 2.28.5
gnome glib 1.3.15
gnome glib 2.31.2
gnome glib 2.29.12
gnome glib 2.20.4
gnome glib 2.23.5
gnome glib 2.27.4
gnome glib 2.29.4
gnome glib 2.7.3
gnome glib 2.8.4
gnome glib 1.2.0
gnome glib 2.14.2
gnome glib 2.12.8
gnome glib 2.19.7
gnome glib 1.3.13
gnome glib 2.2.0
gnome glib 2.13.7
gnome glib 2.4.5
gnome glib 2.9.0
gnome glib 2.7.2
gnome glib 2.24.2
gnome glib 2.4.8
gnome glib 2.5.3
gnome glib 2.5.6
gnome glib 2.18.0
gnome glib 2.12.3
gnome glib 2.12.6
gnome glib 2.23.1
gnome glib 2.14.3
gnome glib 2.5.4
gnome glib 2.13.4
gnome glib 2.4.7
gnome glib 2.21.1
gnome glib 2.18.4
gnome glib 2.0.0
gnome glib 2.31.6
gnome glib 2.8.3
gnome glib 2.17.3
gnome glib 2.7.4
gnome glib 2.19.0
gnome glib 2.8.1
gnome glib 2.19.4
gnome glib 2.15.5
gnome glib 2.19.10
gnome glib 2.3.6
gnome glib 2.29.18
gnome glib 2.27.92
gnome glib 2.28.2
gnome glib 2.1.0
gnome glib 2.20.5
gnome glib 2.16.3
gnome glib 2.14.0
gnome glib 1.2.5
gnome glib 2.7.6
gnome glib 2.11.2
gnome glib 2.31.4
gnome glib 2.17.7
gnome glib 2.25.12
gnome glib 2.5.5
gnome glib 1.2.2
gnome glib 2.15.0
gnome glib 2.27.3
gnome glib 1.2.3
gnome glib 2.8.5
gnome glib 2.22.1
gnome glib 2.2.1
gnome glib 2.25.1
gnome glib 2.21.4
gnome glib 2.9.1
gnome glib 2.25.9
gnome glib 2.27.91
gnome glib 2.12.10
gnome glib 2.25.16
gnome glib 2.30.1
gnome glib 2.30.0
gnome glib 2.27.93
gnome glib 2.19.5
gnome glib 2.15.3
gnome glib 2.16.6
gnome glib 2.17.2
gnome glib 1.2.6
gnome glib 1.3.11
gnome glib 2.2.2
gnome glib 2.11.0
gnome glib 2.12.0
gnome glib 2.21.0
gnome glib 2.29.16
gnome glib 2.12.13
gnome glib 2.0.5
gnome glib 2.17.0
gnome glib 1.2.4
gnome glib 1.2.9
gnome glib 2.11.3
gnome glib 2.25.0
gnome glib 2.29.10
gnome glib 2.28.8
gnome glib 2.2.3
gnome glib 2.18.2
gnome glib 2.29.6
gnome glib 2.0
gnome glib 2.28.7
gnome glib 2.4.2
gnome glib 2.29.90
gnome glib 2.10.0
gnome glib 2.7.7
gnome glib 1.2.10
gnome glib 2.20.3
gnome glib 2.12.1
gnome glib 2.19.8
gnome glib 2.22.0
gnome glib 2.3.5
gnome glib 2.25.14
gnome glib 2.31.0
gnome glib 2.1.3
gnome glib 2.9.5
gnome glib 2.9.2
gnome glib 2.19.6
gnome glib 2.16.4
gnome glib 2.28
gnome glib 2.25.15
gnome glib 2.5.7
gnome glib 2.6.3
gnome glib 2.20.2
gnome glib 2.17.6
gnome glib 2.1.2
gnome glib 2.26.1
gnome glib 2.23.3
gnome glib 2.13.3
gnome glib 2.6.2
gnome glib 2.0.4
gnome glib 2.20.0
gnome glib 2.13.6
gnome glib 2.0.6
gnome glib 2.9.6
gnome glib 2.27.2
gnome glib 2.19.3
gnome glib 2.18.1
gnome glib 2.12.2
gnome glib 2.15.2
gnome glib 2.28.0
gnome glib 2.5.0
gnome glib 2.13.2
gnome glib 2.6.1
gnome glib 2.7.1
gnome glib 2.21.6
gnome glib 2.19.1
gnome glib 2.13.5
gnome glib 2.25.5
gnome glib 2.6.5
gnome glib 2.22.4
gnome glib 2.10.1
gnome glib 2.12.5
gnome glib 2.21.3
gnome glib 2.28.6
gnome glib 2.26.0
gnome glib 2.11.1
gnome glib 2.23.0
gnome glib 2.8.2
gnome glib 2.28.4
gnome glib 1.2.8
gnome glib 2.12.11
gnome glib 2.14.1
gnome glib 2.23.6
gnome glib 1.3.10
gnome glib 2.6.4
gnome glib 2.11.4
gnome glib 2.4.6
gnome glib 2.23.2
gnome glib 2.10.3
gnome glib 2.15.1
gnome glib 2.16.5
gnome glib 2.28.1
gnome glib 2.25.7
CVE-2012-0948 LOW

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.04
canonical ubuntu_linux 11.10
gnome update-manager-core 0.152.25.10
gnome update-manager-core 0.150.5.2
canonical ubuntu_linux 12.04
gnome update-manager-core 0.156.14.3
CVE-2012-2370 MEDIUM

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
gnome gdk-pixbuf 2.23.4
gnome gdk-pixbuf *
gnome gdk-pixbuf 2.24.1
gnome gdk-pixbuf 2.23.3
gnome gdk-pixbuf 2.25.2
gnome gdk-pixbuf 2.24.0
gnome gdk-pixbuf 2.23.5
gnome gdk-pixbuf 2.25.0
CVE-2012-3355 LOW

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-94,

Products Affected

Vendor Product Version
gnome rhythmbox 0.8.7
gnome rhythmbox 0.12.4
gnome rhythmbox 0.5.2
gnome rhythmbox 0.12.1
gnome rhythmbox 0.6.1
gnome rhythmbox *
gnome rhythmbox 0.8.0
gnome rhythmbox 0.6.3
gnome rhythmbox 0.9.3.1
gnome rhythmbox 0.7.2
gnome rhythmbox 0.9.1
gnome rhythmbox 0.12.2
gnome rhythmbox 0.11.5
gnome rhythmbox 0.9.0
gnome rhythmbox 0.8.8
gnome rhythmbox 0.9.3
gnome rhythmbox 0.9.2
gnome rhythmbox 0.13.0
gnome rhythmbox 0.6.2
gnome rhythmbox 0.12.3
gnome rhythmbox 0.5.88
gnome rhythmbox 0.9.8
gnome rhythmbox 0.10.0.90
gnome rhythmbox 0.12.5
gnome rhythmbox 0.7.1
gnome rhythmbox 0.5.4
gnome rhythmbox 0.11.6
gnome rhythmbox 0.12.0
gnome rhythmbox 0.9.4.1
gnome rhythmbox 0.8.1
gnome rhythmbox 0.11.2
gnome rhythmbox 0.5.3
gnome rhythmbox 0.11.0
gnome rhythmbox 0.6.5
gnome rhythmbox 0.8.5
gnome rhythmbox 0.10.1
gnome rhythmbox 0.6.4
gnome rhythmbox 0.12.8
gnome rhythmbox 0.8.4
gnome rhythmbox 0.12.6
gnome rhythmbox 0.10.0
gnome rhythmbox 0.9.6.90
gnome rhythmbox 0.6.0
gnome rhythmbox 0.6.8
gnome rhythmbox 0.8.2
gnome rhythmbox 0.9.7
gnome rhythmbox 0.8.6
gnome rhythmbox 0.13.1
gnome rhythmbox 0.5.0
gnome rhythmbox 0.8.3
gnome rhythmbox 0.11.4
gnome rhythmbox 0.7.0
gnome rhythmbox 0.12.7
gnome rhythmbox 0.13.2
gnome rhythmbox 0.6.6
gnome rhythmbox 0.11.3
gnome rhythmbox 0.9.6
gnome rhythmbox 0.5.1
gnome rhythmbox 0.6.7
gnome rhythmbox 0.9.4
gnome rhythmbox 0.9.5
gnome rhythmbox 0.11.1
CVE-2012-6111 MEDIUM

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
gnome gnome_keyring 3.2
gnome gnome_keyring 3.4
CVE-2013-0240 MEDIUM

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnome gnome_online_accounts 3.7.1
gnome gnome_online_accounts 3.7.2
gnome gnome_online_accounts 3.7.4
gnome gnome_online_accounts 3.4.0
gnome gnome_online_accounts 3.6.1
gnome gnome_online_accounts 3.4.1
canonical ubuntu_linux 12.10
gnome gnome_online_accounts 3.6.2
gnome gnome_online_accounts 3.7.3
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
gnome gnome_online_accounts 3.6.0
CVE-2013-1050 HIGH

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome gnome_screensaver 3.5.5
gnome gnome_screensaver 3.6.0
gnome gnome_screensaver 3.5.4
CVE-2013-1799 MEDIUM

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gnome gnome_online_accounts 3.7.1
gnome gnome_online_accounts 3.7.2
gnome gnome_online_accounts 3.7.4
gnome gnome_online_accounts 3.7.3
canonical ubuntu_linux 11.10
gnome gnome_online_accounts 3.6.1
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
gnome gnome_online_accounts 3.6.2
gnome gnome_online_accounts 3.6.0
gnome gnome_online_accounts 3.7.90
CVE-2013-1881 MEDIUM

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnome librsvg 2.34.2
gnome librsvg 2.2.1
gnome librsvg 2.12.4
gnome librsvg 2.1.4
gnome librsvg 2.12.6
gnome librsvg 2.1.0
gnome librsvg *
gnome librsvg 2.16.0
gnome librsvg 2.18.0
gnome librsvg 2.13.92
gnome librsvg 2.22.2
gnome librsvg 1.1.3
gnome librsvg 2.35.2
gnome librsvg 2.32.0
gnome librsvg 2.26.1
gnome librsvg 1.0.1
gnome librsvg 2.14.1
gnome librsvg 2.36.1
gnome librsvg 2.2.2
gnome librsvg 1.0.2
gnome librsvg 2.15.90
gnome librsvg 2.14.4
gnome librsvg 1.1.4
gnome librsvg 2.35.0
gnome librsvg 2.22.0
gnome librsvg 2.36.3
gnome librsvg 2.13.93
gnome librsvg 2.36.2
gnome librsvg 2.12.7
gnome librsvg 2.12.3
gnome librsvg 2.1.2
gnome librsvg 2.13.2
gnome librsvg 2.18.1
gnome librsvg 2.12.1
gnome librsvg 2.11.1
gnome librsvg 2.13.91
gnome librsvg 2.14.2
gnome librsvg 2.14.0
gnome librsvg 2.34.0
gnome librsvg 2.2.0
gnome librsvg 2.1.3
gnome librsvg 2.32.1
gnome librsvg 2.22.1
gnome librsvg 2.26.0
gnome librsvg 2.35.1
gnome librsvg 1.0.3
gnome librsvg 2.2.5
gnome librsvg 2.12.5
gnome librsvg 2.0.0
gnome librsvg 2.16.1
gnome librsvg 2.13.1
gnome librsvg 2.34.1
gnome librsvg 2.2.4
gnome librsvg 2.13.5
gnome librsvg 2.13.3
gnome librsvg 2.3.1
gnome librsvg 2.22.3
gnome librsvg 1.1.6
gnome librsvg 2.1.1
gnome librsvg 2.36.0
gnome librsvg 2.11.0
gnome librsvg 2.1.5
gnome librsvg 2.12.0
gnome librsvg 2.26.2
gnome librsvg 2.13.4
gnome librsvg 2.18.2
gnome librsvg 1.1.1
gnome librsvg 2.12.2
gnome librsvg 1.1.5
gnome librsvg 2.0.1
gnome librsvg 2.20.0
gnome librsvg 2.13.90
gnome librsvg 1.0.0
gnome librsvg 1.1.2
gnome librsvg 2.2.3
gnome librsvg 2.3.0
gnome librsvg 2.13.0
gnome librsvg 2.14.3
gnome librsvg 2.15.0
gnome librsvg 2.26.3
gnome librsvg 2.31.0
CVE-2013-3718 MEDIUM

evince is missing a check on number of pages which can lead to a segmentation fault

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 10.0
debian debian_linux 9.0
gnome evince 3.9.2
opensuse opensuse 13.1
gnome evince 3.8.2
redhat enterprise_linux 5.0
CVE-2013-4166 MEDIUM

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 6.0
gnome evolution_data_server *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
gnome evolution *
CVE-2013-4169 MEDIUM

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnome gnome_display_manager 2.18.3
gnome gnome_display_manager 2.14.3
gnome gnome_display_manager 2.18.1
gnome gnome_display_manager 2.16.1
gnome gnome_display_manager 2.20.8
gnome gnome_display_manager 2.13
gnome gnome_display_manager 2.14.6
gnome gnome_display_manager 2.18
gnome gnome_display_manager 2.19.2
gnome gnome_display_manager 2.20.10
gnome gnome_display_manager 2.19
gnome gnome_display_manager 2.20.4
gnome gnome_display_manager 2.14.8
gnome gnome_display_manager 2.17
gnome gnome_display_manager 2.14.11
gnome gnome_display_manager 2.15
gnome gnome_display_manager 2.20.9
gnome gnome_display_manager 2.14.4
gnome gnome_display_manager 2.16.2
gnome gnome_display_manager 2.20.6
gnome gnome_display_manager 2.20.7
gnome gnome_display_manager 2.14
gnome gnome_display_manager 2.14.2
gnome gnome_display_manager 2.2
gnome gnome_display_manager 1.0
gnome gnome_display_manager 2.14.10
gnome gnome_display_manager 2.20.5
gnome gnome_display_manager 2.14.5
gnome gnome_display_manager 2.19.3
gnome gnome_display_manager 2.14.1
gnome gnome_display_manager 2.20.0
gnome gnome_display_manager *
gnome gnome_display_manager 2.19.4
gnome gnome_display_manager 2.14.9
gnome gnome_display_manager 2.18.2
gnome gnome_display_manager 2.20.3
gnome gnome_display_manager 0.7
gnome gnome_display_manager 2.0
gnome gnome_display_manager 2.14.12
gnome gnome_display_manager 2.20.1
gnome gnome_display_manager 2.20.2
gnome gnome_display_manager 2.19.1
gnome gnome_display_manager 2.14.7
gnome gnome_display_manager 2.16
CVE-2013-4245 MEDIUM

Orca has arbitrary code execution due to insecure Python module load

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome orca -
debian debian_linux 9.0
CVE-2013-6836 MEDIUM

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome gnumeric 1.12.7
gnome gnumeric 1.12.0
gnome gnumeric 1.12.6
gnome gnumeric 1.12.2
gnome gnumeric 1.12.4
gnome gnumeric 1.12.3
gnome gnumeric 1.12.1
gnome gnumeric 1.12.5
gnome gnumeric *
CVE-2013-7220 MEDIUM

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gnome-shell 3.1.4
gnome gnome-shell 3.7.3
gnome gnome-shell 3.7.2
gnome gnome-shell 3.6.2
gnome gnome-shell 3.3.2
gnome gnome-shell 3.4.2
gnome gnome-shell 3.6.3
gnome gnome-shell 3.7.2.1
gnome gnome-shell 3.1.3
gnome gnome-shell 3.5.3
gnome gnome-shell 3.5.4
gnome gnome-shell *
gnome gnome-shell 3.3.91
gnome gnome-shell 3.1.91
gnome gnome-shell 3.3.5
gnome gnome-shell 3.0.0.2
gnome gnome-shell 3.7.4
gnome gnome-shell 3.7.5
gnome gnome-shell 3.6.3.1
gnome gnome-shell 3.7.91
gnome gnome-shell 3.4.1
gnome gnome-shell 3.0.1
gnome gnome-shell 3.3.92
gnome gnome-shell 3.4.0
gnome gnome-shell 3.0.0
gnome gnome-shell 3.6.1
gnome gnome-shell 3.0.0.1
gnome gnome-shell 3.5.2
gnome gnome-shell 3.5.92
gnome gnome-shell 3.1.91.1
gnome gnome-shell 3.6.0
gnome gnome-shell 3.0.2
gnome gnome-shell 3.7.4.1
gnome gnome-shell 3.1.90.1
gnome gnome-shell 3.5.90
gnome gnome-shell 3.3.90
gnome gnome-shell 3.2.2.1
gnome gnome-shell 3.2.1
gnome gnome-shell 3.1.90
gnome gnome-shell 3.2.0
gnome gnome-shell 3.3.3
gnome gnome-shell 3.2.2
gnome gnome-shell 3.7.3.1
gnome gnome-shell 3.7.1
gnome gnome-shell 3.1.92
gnome gnome-shell 3.5.91
CVE-2013-7221 MEDIUM

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gnome gnome-shell 3.1.4
gnome gnome-shell 3.9.3
gnome gnome-shell 3.9.1
gnome gnome-shell 3.8.0.1
gnome gnome-shell 3.6.2
gnome gnome-shell 3.3.2
gnome gnome-shell 3.7.2.1
gnome gnome-shell 3.5.3
gnome gnome-shell 3.5.4
gnome gnome-shell *
gnome gnome-shell 3.7.5
gnome gnome-shell 3.6.3.1
gnome gnome-shell 3.4.1
gnome gnome-shell 3.9.90
gnome gnome-shell 3.4.0
gnome gnome-shell 3.0.0
gnome gnome-shell 3.6.1
gnome gnome-shell 3.5.92
gnome gnome-shell 3.6.0
gnome gnome-shell 3.7.4.1
gnome gnome-shell 3.1.90.1
gnome gnome-shell 3.8.1
gnome gnome-shell 3.2.2.1
gnome gnome-shell 3.2.1
gnome gnome-shell 3.2.0
gnome gnome-shell 3.3.3
gnome gnome-shell 3.2.2
gnome gnome-shell 3.7.3.1
gnome gnome-shell 3.5.91
gnome gnome-shell 3.7.3
gnome gnome-shell 3.7.2
gnome gnome-shell 3.8.4
gnome gnome-shell 3.4.2
gnome gnome-shell 3.6.3
gnome gnome-shell 3.1.3
gnome gnome-shell 3.3.91
gnome gnome-shell 3.1.91
gnome gnome-shell 3.3.5
gnome gnome-shell 3.0.0.2
gnome gnome-shell 3.7.4
gnome gnome-shell 3.9.91
gnome gnome-shell 3.9.5
gnome gnome-shell 3.7.91
gnome gnome-shell 3.7.92
gnome gnome-shell 3.9.4
gnome gnome-shell 3.0.1
gnome gnome-shell 3.3.92
gnome gnome-shell 3.0.0.1
gnome gnome-shell 3.5.2
gnome gnome-shell 3.1.91.1
gnome gnome-shell 3.8.3
gnome gnome-shell 3.0.2
gnome gnome-shell 3.5.90
gnome gnome-shell 3.3.90
gnome gnome-shell 3.8.2
gnome gnome-shell 3.1.90
gnome gnome-shell 3.9.2
gnome gnome-shell 3.7.1
gnome gnome-shell 3.1.92
gnome gnome-shell 3.8.0
CVE-2013-7273 LOW

GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome gnome_display_manager 3.0.4
gnome gnome_display_manager 3.1.90
gnome gnome_display_manager 3.1.91
gnome gnome_display_manager 3.2.0
gnome gnome_display_manager 3.4.0
gnome gnome_display_manager 3.0.0
gnome gnome_display_manager 3.2.1.1
gnome gnome_display_manager 3.1.92
gnome gnome_display_manager *
gnome gnome_display_manager 3.0.3
gnome gnome_display_manager 3.2.1
gnome gnome_display_manager 3.3.92.1
gnome gnome_display_manager 3.1.2
gnome gnome_display_manager 3.0.2
gnome gnome_display_manager 3.3.92
gnome gnome_display_manager 3.4.0.1
CVE-2014-1949 HIGH

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
canonical ubuntu 14.04
gnome gtk *
linuxmint linux_mint 17.0
CVE-2014-7300 HIGH

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
gnome gnome-shell 3.14.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
CVE-2014-8154 HIGH

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome vala 0.26.0
opensuse opensuse 13.2
gnome vala 0.26.1
CVE-2015-0272 MEDIUM

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_real_time_extension 11
suse linux_enterprise_software_development_kit 12
gnome networkmanager *
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_debuginfo 11
canonical ubuntu_linux 12.04
oracle linux 7
suse linux_enterprise_desktop 11
suse linux_enterprise_server 12
suse linux_enterprise_desktop 12
CVE-2015-0552 MEDIUM

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
gnome gcab 0.4
opensuse opensuse 13.2
CVE-2015-2675 MEDIUM

The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome librest 0.7.92
CVE-2015-2785 HIGH

The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome byzanz *
CVE-2015-4491 MEDIUM

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
oracle solaris 10
oracle solaris 11.3
gnome gdk-pixbuf *
opensuse opensuse 13.1
canonical ubuntu_linux 14.04
fedoraproject fedora 22
canonical ubuntu_linux 12.04
opensuse opensuse 13.2
fedoraproject fedora 21
CVE-2015-7496 HIGH

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
fedoraproject fedora 23
gnome gnome_display_manager *
CVE-2015-7557 MEDIUM

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnome librsvg *
CVE-2015-7558 MEDIUM

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome librsvg *
CVE-2015-7673 MEDIUM

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome gdk-pixbuf *
opensuse opensuse 13.2
CVE-2015-7674 MEDIUM

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
gnome gdk-pixbuf *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse opensuse 13.2
CVE-2015-8875 MEDIUM

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome gdk-pixbuf *
CVE-2016-1000002 LOW

gdm3 3.14.2 and possibly later has an information leak before screen lock

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 10.0
debian debian_linux 9.0
gnome gnome_display_manager 3.14.2
redhat enterprise_linux 7.0
opensuse leap 42.2
CVE-2016-1000033 MEDIUM

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
gnome shotwell 0.22.0
CVE-2016-10727 MEDIUM

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
gnome evolution *
CVE-2016-20011 MEDIUM

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnome libgrss *
CVE-2016-4348 MEDIUM

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
gnome librsvg *
opensuse opensuse 13.2
CVE-2016-6163 MEDIUM

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnome librsvg 2.40.2
CVE-2016-6352 MEDIUM

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 42.1
canonical ubuntu_linux 16.04
gnome gdk-pixbuf *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse opensuse 13.2
CVE-2016-6855 MEDIUM

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gnome eye_of_gnome 3.19.1
gnome eye_of_gnome 3.17.91
gnome eye_of_gnome 3.19.2
gnome eye_of_gnome 3.18.2
fedoraproject fedora 24
gnome eye_of_gnome 3.20.2
gnome eye_of_gnome 3.19.92
gnome eye_of_gnome 3.17.1
gnome eye_of_gnome 3.20.0
gnome eye_of_gnome 3.19.3
gnome eye_of_gnome 3.20.3
gnome eye_of_gnome 3.17.3
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
gnome eye_of_gnome 3.16.5
gnome eye_of_gnome 3.19.91
fedoraproject fedora 23
gnome eye_of_gnome 3.17.90
gnome eye_of_gnome 3.19.90
gnome eye_of_gnome 3.17.2
opensuse opensuse 13.2
gnome eye_of_gnome 3.17.92
opensuse leap 42.1
canonical ubuntu_linux 16.04
gnome eye_of_gnome 3.19.4
gnome eye_of_gnome 3.18.0
gnome eye_of_gnome 3.20.1
gnome eye_of_gnome 3.18.1
CVE-2016-9888 MEDIUM

An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnome libgsf *
CVE-2017-1000024 MEDIUM

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
gnome shotwell *
CVE-2017-1000025 MEDIUM

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
gnome epiphany 3.20.2
gnome epiphany 3.22.1
gnome epiphany 3.22.4
gnome epiphany 3.20.6
gnome epiphany 3.23.4
gnome epiphany 3.22.2
gnome epiphany 3.23.1
gnome epiphany 3.20.4
gnome epiphany 3.20.3
gnome epiphany 3.18.3
gnome epiphany 3.20.5
gnome epiphany 3.20.1
gnome epiphany 3.18.7
gnome epiphany 3.22.3
gnome epiphany 3.23.2.1
gnome epiphany 3.23.1.2
gnome epiphany 3.18.8
gnome epiphany 3.18.5
gnome epiphany 3.23.1.1
gnome epiphany 3.23.3
gnome epiphany 3.18.4
gnome epiphany 3.18.2
gnome epiphany 3.18.1
gnome epiphany 3.23.2
gnome epiphany 3.18.10
gnome epiphany 3.20.0
gnome epiphany 3.18.0
gnome epiphany 3.18.9
gnome epiphany 3.18.6
gnome epiphany 3.22.5
gnome epiphany 3.22.0
CVE-2017-1000044 HIGH

gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome gtk-vnc 0.4.2
CVE-2017-1000083 MEDIUM

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.4
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server 7.5
redhat enterprise_linux_server_eus 7.6
gnome evince *
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
CVE-2017-1000159 MEDIUM

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gnome evince *
CVE-2017-1000422 MEDIUM

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 7.0
canonical ubuntu_linux 17.10
debian debian_linux 9.0
canonical ubuntu_linux 16.04
gnome gdk-pixbuf *
canonical ubuntu_linux 14.04
CVE-2017-11171 MEDIUM

Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnome gnome-session *
CVE-2017-11464 MEDIUM

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
gnome librsvg 2.40.17
CVE-2017-11590 MEDIUM

There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnome libgxps 0.2.5
CVE-2017-12164 MEDIUM

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-592,CWE-665,

Products Affected

Vendor Product Version
gnome gnome_display_manager 3.24.1
CVE-2017-12447 MEDIUM

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome gdk-pixbuf 2.32.2
gnome nautilus 3.14.3
CVE-2017-14108 HIGH

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
gnome gedit *
CVE-2017-14604 MEDIUM

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 10.0
debian debian_linux 9.0
gnome nautilus *
CVE-2017-17689 MEDIUM

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
postbox-inc postbox -
9folders nine -
gnome evolution -
microsoft outlook 2010
microsoft outlook 2016
microsoft outlook 2007
ibm notes -
flipdogsolutions maildroid -
r2mail2 r2mail2 -
apple mail -
google gmail -
kde kmail -
microsoft outlook 2013
mozilla thunderbird -
ritlabs the_bat -
freron mailmate -
horde horde_imp -
kde trojita -
bloop airmail -
emclient emclient -
CVE-2017-2862 MEDIUM

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome gdk-pixbuf 2.36.6
CVE-2017-2870 MEDIUM

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome gdk-pixbuf 2.36.6
CVE-2017-2885 HIGH

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
gnome libsoup 2.58
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.4
CVE-2017-5884 MEDIUM

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-118,

Products Affected

Vendor Product Version
gnome gtk-vnc *
fedoraproject fedora 25
CVE-2017-5885 HIGH

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
gnome gtk-vnc *
fedoraproject fedora 25
CVE-2017-6311 MEDIUM

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 30
gnome gdk-pixbuf *
fedoraproject fedora 31
CVE-2017-6312 MEDIUM

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 30
gnome gdk-pixbuf *
fedoraproject fedora 31
CVE-2017-6313 MEDIUM

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 30
gnome gdk-pixbuf *
fedoraproject fedora 31
CVE-2017-6314 MEDIUM

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 30
gnome gdk-pixbuf *
fedoraproject fedora 31
CVE-2017-7960 MEDIUM

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnome libcroco 0.6.12
gnome libcroco 0.6.11
CVE-2017-7961 MEDIUM

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome libcroco 0.6.12
gnome libcroco 0.6.11
CVE-2017-8288 MEDIUM

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnome gnome-shell 3.22.2
gnome gnome-shell 3.24.1
gnome gnome-shell 3.23.2
gnome gnome-shell 3.22.1
gnome gnome-shell 3.22.3
gnome gnome-shell 3.23.1
gnome gnome-shell 3.23.91
gnome gnome-shell 3.23.92
gnome gnome-shell 3.23.90
gnome gnome-shell 3.23.3
gnome gnome-shell 3.24.0
gnome gnome-shell 3.22.0
CVE-2017-8834 MEDIUM

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse leap 42.3
gnome libcroco 0.6.12
CVE-2017-8871 HIGH

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
opensuse leap 42.3
gnome libcroco 0.6.12
CVE-2018-1000041 MEDIUM

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 7.0
gnome librsvg *
CVE-2018-1000135 MEDIUM

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnome networkmanager *
CVE-2018-10733 MEDIUM

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat ansible_tower 3.3
opensuse leap 15.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
gnome libgxps *
redhat enterprise_linux_desktop 7.0
CVE-2018-10767 MEDIUM

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat ansible_tower 3.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
gnome libgxps *
redhat enterprise_linux_desktop 7.0
CVE-2018-10900 HIGH

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
gnome network_manager_vpnc *
CVE-2018-11396 MEDIUM

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome epiphany *
CVE-2018-11713 MEDIUM

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
webkitgtk webkitgtk+ *
gnome libsoup *
CVE-2018-12016 MEDIUM

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome epiphany *
CVE-2018-12422 HIGH

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnome evolution *
CVE-2018-12910 HIGH

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnome libsoup 2.63.2
opensuse leap 15.0
redhat openshift_container_platform 3.11
debian debian_linux 8.0
redhat ansible_tower 3.3
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
CVE-2018-14424 MEDIUM

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gnome gnome_display_manager *
CVE-2018-15120 MEDIUM

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
gnome pango *
CVE-2018-15587 MEDIUM

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome evolution *
CVE-2018-16428 HIGH

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
gnome glib 2.56.1
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
CVE-2018-16429 MEDIUM

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
gnome glib 2.56.1
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
CVE-2018-18718 MEDIUM

An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 8.0
gnome gthumb *
CVE-2018-19358 LOW

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome gnome-keyring *
CVE-2018-20781 LOW

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
gnome gnome_keyring *
canonical ubuntu_linux 14.04
oracle zfs_storage_appliance_kit 8.8
CVE-2018-5345 MEDIUM

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora -
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.6
gnome gcab *
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 17.10
debian debian_linux 9.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
CVE-2019-1010006 MEDIUM

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 10.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
opensuse leap 15.0
opensuse leap 15.1
gnome evince 3.26.0
CVE-2019-1010238 HIGH

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 7.6
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.1
redhat enterprise_linux_server_tus 7.7
fedoraproject fedora 29
redhat enterprise_linux_eus 8.1
oracle sd-wan_edge 8.2
redhat enterprise_linux_eus 7.4
oracle sd-wan_edge 7.3
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 7.7
fedoraproject fedora 30
redhat enterprise_linux_eus 8.4
oracle sd-wan_edge 8.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 8.2
debian debian_linux 10.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_tus 8.2
redhat openshift_container_platform 3.11
oracle sd-wan_edge 8.1
gnome pango *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 7.6
CVE-2019-11459 MEDIUM

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-908,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.4
debian debian_linux 10.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_tus 8.2
opensuse leap 15.0
redhat enterprise_linux 8.0
fedoraproject fedora 29
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.2
gnome evince *
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.4
debian debian_linux 8.0
fedoraproject fedora 30
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.4
opensuse leap 15.1
redhat enterprise_linux_eus 8.2
CVE-2019-11460 MEDIUM

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gnome gnome-desktop 3.26.0
gnome gnome-desktop *
gnome gnome-desktop 3.28.0
CVE-2019-11461 MEDIUM

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome nautilus *
CVE-2019-12447 MEDIUM

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 30
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
opensuse leap 15.1
gnome gvfs *
fedoraproject fedora 29
canonical ubuntu_linux 18.10
CVE-2019-12448 MEDIUM

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnome gvfs *
CVE-2019-12449 LOW

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-755,

Products Affected

Vendor Product Version
fedoraproject fedora 30
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
opensuse leap 15.1
gnome gvfs *
fedoraproject fedora 29
canonical ubuntu_linux 18.10
CVE-2019-12450 HIGH

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-362,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.4
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_tus 8.2
opensuse leap 15.0
redhat enterprise_linux 8.0
gnome glib *
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_aus 8.2
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.4
debian debian_linux 8.0
fedoraproject fedora 30
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 8.4
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 8.2
CVE-2019-12795 MEDIUM

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
gnome gvfs *
CVE-2019-13012 MEDIUM

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
gnome glib *
CVE-2019-16680 LOW

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
gnome file-roller *
CVE-2019-17266 HIGH

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gnome libsoup *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
CVE-2019-19308 MEDIUM

In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
gnome gnome-font-viewer 3.34.0
CVE-2019-19451 MEDIUM

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
gnome dia *
fedoraproject fedora 33
CVE-2019-20326 MEDIUM

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnome gthumb *
linuxmint pix *
CVE-2019-20446 MEDIUM

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 30
canonical ubuntu_linux 18.04
gnome librsvg *
debian debian_linux 9.0
canonical ubuntu_linux 16.04
opensuse leap 15.1
netapp active_iq_unified_manager -
fedoraproject fedora 31
CVE-2019-25085

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

Products Affected

Vendor Product Version
gnome gvariant_database *
CVE-2019-3820 MEDIUM

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-287,

Products Affected

Vendor Product Version
opensuse leap 42.3
canonical ubuntu_linux 18.04
opensuse leap 15.0
opensuse leap 15.1
gnome gnome-shell *
canonical ubuntu_linux 18.10
CVE-2019-3825 MEDIUM

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
gnome gnome_display_manager *
canonical ubuntu_linux 18.04
redhat enterprise_linux 7.0
canonical ubuntu_linux 18.10
CVE-2019-3827 LOW

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
gnome gvfs *
CVE-2019-3890 MEDIUM

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-296,CWE-295,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
gnome evolution-ews *
CVE-2019-6251 MEDIUM

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 42.3
fedoraproject fedora 28
fedoraproject fedora 30
wpewebkit wpe_webkit *
canonical ubuntu_linux 18.04
opensuse leap 15.0
fedoraproject fedora 29
gnome epiphany *
webkitgtk webkitgtk *
canonical ubuntu_linux 18.10
CVE-2019-9633 MEDIUM

gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
gnome glib 2.59.2
CVE-2020-10754 MEDIUM

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-306,CWE-306,

Products Affected

Vendor Product Version
fedoraproject fedora 31
gnome networkmanager *
CVE-2020-11736 LOW

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L 1.3 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-59,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
canonical ubuntu_linux 20.04
gnome file-roller *
CVE-2020-11879 MEDIUM

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome evolution *
CVE-2020-12825 MEDIUM

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
gnome libcroco *
CVE-2020-13645 MEDIUM

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
netapp cloud_backup -
canonical ubuntu_linux 19.10
fedoraproject fedora 32
canonical ubuntu_linux 20.04
gnome balsa 2.6.0
fedoraproject fedora 31
gnome glib-networking *
gnome balsa *
broadcom fabric_operating_system -
CVE-2020-14391 LOW

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
gnome control_center -
CVE-2020-14928 MEDIUM

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
debian debian_linux 10.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
fedoraproject fedora 31
gnome evolution-data-server *
CVE-2020-16117 MEDIUM

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnome evolution-data-server *
CVE-2020-16118 MEDIUM

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse backports_sle 15.0
gnome balsa *
CVE-2020-16125 MEDIUM

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 7.2 HIGH CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 0.5 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
gnome gnome_display_manager *
CVE-2020-17489 LOW

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
opensuse leap 15.2
debian debian_linux 9.0
canonical ubuntu_linux 20.04
gnome gnome-shell *
CVE-2020-24661 LOW

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 31
gnome geary *
CVE-2020-27837 MEDIUM

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
gnome gnome_display_manager *
CVE-2020-29385 MEDIUM

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
gnome gdk-pixbuf *
canonical ubuntu_linux 20.04
fedoraproject fedora 34
fedoraproject fedora 33
canonical ubuntu_linux 20.10
CVE-2020-35457 MEDIUM

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
gnome glib *
CVE-2020-36241 LOW

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-59,

Products Affected

Vendor Product Version
gnome gnome-autoar *
fedoraproject fedora 34
CVE-2020-36314 LOW

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L 1.3 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnome file-roller *
fedoraproject fedora 34
CVE-2020-36427 MEDIUM

GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gnome gthumb *
CVE-2020-36774

plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).

Products Affected

Vendor Product Version
gnome glade *
CVE-2020-6750 MEDIUM

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 30
gnome glib *
fedoraproject fedora 31
CVE-2021-20240 HIGH

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
gnome gdk-pixbuf *
fedoraproject fedora 34
fedoraproject fedora 33
CVE-2021-20297 LOW

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
gnome networkmanager *
fedoraproject fedora 33
CVE-2021-20315 LOW

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,CWE-667,

Products Affected

Vendor Product Version
gnome gnome-shell *
centos stream 8
CVE-2021-27218 MEDIUM

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
debian debian_linux 9.0
netapp cloud_backup -
gnome glib *
broadcom brocade_fabric_operating_system_firmware -
netapp e-series_performance_analyzer -
netapp active_iq_unified_manager -
fedoraproject fedora 34
fedoraproject fedora 33
CVE-2021-27219 MEDIUM

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
debian debian_linux 9.0
netapp cloud_backup -
gnome glib *
broadcom brocade_fabric_operating_system_firmware -
netapp e-series_performance_analyzer -
netapp active_iq_unified_manager -
fedoraproject fedora 34
fedoraproject fedora 33
CVE-2021-28153 MEDIUM

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
debian debian_linux 9.0
gnome glib *
broadcom brocade_fabric_operating_system_firmware -
fedoraproject fedora 33
CVE-2021-28650 LOW

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnome gnome-autoar *
fedoraproject fedora 34
CVE-2021-3349 LOW

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-345,

Products Affected

Vendor Product Version
gnome evolution *
CVE-2021-33516 MEDIUM

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnome gupnp *
CVE-2021-3567 MEDIUM

A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
gnome caribou *
CVE-2021-3800

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 10.0
gnome glib *
netapp active_iq_unified_manager -
CVE-2021-39358 MEDIUM

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 34
fedoraproject fedora 33
gnome libgfbgraph *
CVE-2021-39359 MEDIUM

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 35
gnome libgda *
fedoraproject fedora 34
CVE-2021-39360 MEDIUM

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 35
gnome libzapojit *
fedoraproject fedora 34
fedoraproject fedora 33
CVE-2021-39361 MEDIUM

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnome evolution-rss *
CVE-2021-39365 MEDIUM

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnome grilo *
debian debian_linux 10.0
debian debian_linux 9.0
debian debian_linux 11.0
CVE-2021-3982 LOW

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.

CVSS 2.0

Severity: LOW

Problem Type: CWE-273,CWE-273,

Products Affected

Vendor Product Version
gnome gnome-shell -
CVE-2021-42522

There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.

Products Affected

Vendor Product Version
gnome anjuta 2.0.0
CVE-2021-44648 MEDIUM

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 35
gnome gdkpixbuf 2.42.6
debian debian_linux 11.0
fedoraproject fedora 34
CVE-2021-45085 MEDIUM

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
gnome epiphany *
CVE-2021-45086 MEDIUM

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 11.0
gnome epiphany *
CVE-2021-45087 MEDIUM

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
gnome epiphany *
CVE-2021-45088 MEDIUM

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
gnome epiphany *
CVE-2021-46829

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 35
gnome gdk-pixbuf *
debian debian_linux 11.0
CVE-2022-1736

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnome gnome-remote-desktop 42.1.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
gnome gnome-remote-desktop 42.1.1-1
canonical ubuntu_linux 22.04
gnome gnome-remote-desktop 42.1.1-2
CVE-2022-27811 HIGH

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gnome ocrfeeder *
CVE-2022-29536 MEDIUM

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 35
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 36
gnome epiphany *
CVE-2022-37290

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnome nautilus 42.2
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-48622

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnome gdkpixbuf *
CVE-2023-26081

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
gnome epiphany *
CVE-2023-29499

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnome glib *
CVE-2023-32611

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnome glib *
CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnome glib *
CVE-2023-32643

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnome glib *
CVE-2023-32665

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnome glib *
CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
gnome gnome-time_tracker 3.0.2
CVE-2023-38633

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Products Affected

Vendor Product Version
gnome librsvg *
fedoraproject fedora 37
debian debian_linux 12.0
debian debian_linux 11.0
fedoraproject fedora 38
CVE-2023-43090

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
gnome gnome-shell 42
fedoraproject fedora 37
fedoraproject fedora 38
gnome gnome-shell *
CVE-2023-43091

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnome gnome-maps *
CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L 1.6 5.3
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

Products Affected

Vendor Product Version
gnome tracker_miners *
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 1.4 3.4

Products Affected

Vendor Product Version
canonical ubuntu_linux 23.10
canonical ubuntu_linux 20.04
canonical ubuntu_linux 22.04
canonical ubuntu_linux 23.04
gnome control_center *
CVE-2024-34397

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 40
fedoraproject fedora 39
gnome glib *
netapp ontap_tools 10
CVE-2024-36474

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
gnome libgsf 1.14.52
CVE-2024-42415

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
gnome libgsf 1.14.52
CVE-2024-52530

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

Products Affected

Vendor Product Version
gnome libsoup *
CVE-2024-52531

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).

Products Affected

Vendor Product Version
gnome libsoup *
CVE-2024-52532

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Products Affected

Vendor Product Version
gnome libsoup *
CVE-2024-52533

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
gnome glib *
netapp active_iq_unified_manager -
debian debian_linux 11.0
netapp ontap_tools 10
CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2

Products Affected

Vendor Product Version
redhat openshift_container_platform_for_ibm_z 4.16
redhat enterprise_linux_server_for_power_little_endian_eus 9.4_ppc64le
redhat openshift_container_platform 4.18
redhat codeready_linux_builder_for_arm64 10.0
redhat codeready_linux_builder_for_power_little_endian_eus 10.0_ppc64le
redhat enterprise_linux_for_x86_64_eus 10.0
redhat enterprise_linux_for_power_little_endian 9.6_ppc64le
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat openshift_container_platform_for_arm64 4.16
redhat ceph_storage 8.0
redhat enterprise_linux_for_x86_64 8.8
redhat codeready_linux_builder_for_power_little_endian 9.6_ppc64le
redhat enterprise_linux_for_x86_64 9.0
redhat enterprise_linux_for_arm_64 10.0
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_aus 8.6
redhat openshift_container_platform_for_linuxone 4.16
redhat codeready_linux_builder_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_server_aus 9.6
redhat openshift_container_platform_for_power 4.12
redhat enterprise_linux_for_power_little_endian 10.0_ppc64le
redhat enterprise_linux_for_arm_64 9.6
redhat codeready_linux_builder_for_x86_64_eus 10.0
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat codeready_linux_builder_for_x86_64 10.0
redhat openshift_container_platform 4.17
redhat codeready_linux_builder_for_ibm_z_systems 10.0_s390x
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_server_aus 9.4
redhat openshift_container_platform_for_power 4.16
redhat openshift_container_platform_for_arm64 4.19
redhat codeready_linux_builder_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_x86_64 9.4
redhat openshift_container_platform_for_ibm_z 4.19
redhat discovery 2.0
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems 9.6_s390x
redhat codeready_linux_builder_for_arm64_eus 9.4
redhat codeready_linux_builder_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian 8.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat openshift_container_platform_for_arm64 4.17
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 8.0
redhat openshift_container_platform_for_arm64 4.12
redhat enterprise_linux_for_ibm_z_systems 10.0_s390x
redhat enterprise_linux_for_x86_64_eus 8.6
redhat enterprise_linux_for_x86_64_eus 8.8
redhat openshift_container_platform_for_linuxone 4.12
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 10.0_s390x
redhat enterprise_linux_for_arm_64 9.4
gnome glib *
redhat codeready_linux_builder_for_arm64_eus 10.0
redhat enterprise_linux_server_aus 8.2
redhat codeready_linux_builder_for_x86_64 9.4
redhat openshift_container_platform_for_ibm_z 4.18
redhat enterprise_linux_server_for_power_little_endian 9.6_ppc64le
redhat codeready_linux_builder_for_x86_64 9.6
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat codeready_linux_builder_for_power_little_endian 10.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian 10.0_ppc64le
redhat enterprise_linux_for_arm_64 9.2
redhat openshift_container_platform_for_power 4.18
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_for_arm_64_eus 10.0
redhat openshift_container_platform_for_power 4.19
redhat openshift_container_platform 4.12
redhat codeready_linux_builder_for_x86_64 8.0
redhat openshift_container_platform_for_linuxone 4.18
redhat codeready_linux_builder_for_x86_64 9.0
redhat enterprise_linux_for_x86_64_eus 8.4
redhat codeready_linux_builder_for_arm64 8.0
redhat openshift_container_platform_for_ibm_z 4.17
redhat enterprise_linux_for_x86_64 10.0
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
redhat openshift_container_platform 4.19
redhat openshift_container_platform 4.16
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_for_power_little_endian_eus 10.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian 9.4_ppc64le
redhat codeready_linux_builder_for_power_little_endian 9.4_ppc64le
redhat codeready_linux_builder_for_arm64 9.6
redhat openshift_container_platform_for_linuxone 4.19
redhat codeready_linux_builder 9.0
redhat openshift_container_platform_for_power 4.17
redhat enterprise_linux_for_x86_64 8.0
redhat openshift_container_platform_for_ibm_z 4.12
redhat openshift_container_platform_for_arm64 4.18
redhat openshift_container_platform_for_linuxone 4.17
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_power_little_endian 9.4_ppc64le
redhat codeready_linux_builder_for_ibm_z_systems 9.6_s390x
redhat codeready_linux_builder_for_ibm_z_systems 8.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems_eus 10.0_s390x
redhat enterprise_linux_server_for_power_little_endian 8.8_ppc64le
redhat enterprise_linux_for_x86_64 9.2
redhat enterprise_linux_for_x86_64_eus 9.6
redhat enterprise_linux_for_x86_64 8.6
redhat enterprise_linux_for_x86_64_eus 9.4
redhat enterprise_linux_for_x86_64 9.6
CVE-2025-14087

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gnome glib *
CVE-2025-14512

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
redhat openshift 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gnome glib *
CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 10.0_s390x
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64
redhat codeready_linux_builder_for_arm64_eus 10.0_aarch64
redhat codeready_linux_builder_for_power_little_endian_eus 10.0_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat codeready_linux_builder_for_power_little_endian 10.0_ppc64le
redhat enterprise_linux_eus 10.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_for_arm_64_eus 10.0_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 9.0
redhat codeready_linux_builder 10.0
redhat codeready_linux_builder_for_arm64 10.0_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_for_power_little_endian 10.0_ppc64le
gnome libsoup *
redhat codeready_linux_builder_for_ibm_z_systems 10.0_s390x
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux 10.0
redhat enterprise_linux_for_power_little_endian_eus 10.0_ppc64le
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux_eus 9.6
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
redhat codeready_linux_builder_for_ibm_z_systems_eus 10.0_s390x
redhat enterprise_linux_for_arm_64 10.0_aarch64
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems 10.0_s390x
CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 2.8 4.0

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_eus 9.4
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.6_s390x
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x
redhat codeready_linux_builder_for_eus 9.2
redhat codeready_linux_builder_for_arm64 9.0_aarch64
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64
redhat enterprise_linux_server_aus 8.2
redhat codeready_linux_builder_for_power_little_endian_eus 8.8_ppc64le
redhat codeready_linux_builder_for_arm64_eus 9.6_aarch64
redhat codeready_linux_builder_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat codeready_linux_builder 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat codeready_linux_builder_for_arm64 8.0_aarch64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_tus 8.6
debian debian_linux 11.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.0
redhat codeready_linux_builder_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
redhat codeready_linux_builder_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat codeready_linux_builder_for_arm64_eus 9.4_aarch64
redhat codeready_linux_builder_for_arm64_eus 8.8_aarch64
redhat codeready_linux_builder_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_server_aus 9.4
redhat codeready_linux_builder_for_eus 9.4
redhat enterprise_linux_for_arm_64 8.8_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux_eus 9.6
redhat codeready_linux_builder_for_eus 8.8
redhat codeready_linux_builder 9.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.4_s390x
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_server_tus 8.4
redhat codeready_linux_builder_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat codeready_linux_builder_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
gnome yelp 42.2-8
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.4
redhat enterprise_linux_for_arm_64 8.0
CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnome glib *
CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
gnome glib *
CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
gnome libgepub -
CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
gnome gdkpixbuf 2.0.0
CVE-2026-1801

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.5 3.4

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.5 3.4

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-3634

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.5 3.4

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat enterprise_linux 6.0
CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N 1.6 4.2

Products Affected

Vendor Product Version
gnome libsoup -
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0