Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-27837 Race Condition vulnerability in Gnome Display Manager
A flaw was found in GDM in versions prior to 3.38.2.1.
local
gnome CWE-362
4.4
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
4.3
2020-12-14 CVE-2020-35457 Integer Overflow or Wraparound vulnerability in Gnome Glib
** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow in g_option_group_add_entries that might lead to an out-of-bounds write.
local
low complexity
gnome CWE-190
4.6
2020-11-10 CVE-2020-16125 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
local
low complexity
gnome CWE-754
4.6
2020-08-26 CVE-2020-24661 Improper Certificate Validation vulnerability in Gnome Geary
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store.
network
high complexity
gnome CWE-295
2.6
2020-08-11 CVE-2020-17489 Insufficiently Protected Credentials vulnerability in Gnome Gnome-Shell
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4.
local
gnome CWE-522
1.9
2020-07-29 CVE-2020-16118 Null Pointer Dereference vulnerability in Gnome Balsa
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
network
low complexity
gnome CWE-476
5.0
2020-07-29 CVE-2020-16117 Null Pointer Dereference vulnerability in multiple products
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt.
network
gnome debian CWE-476
4.3
2020-07-17 CVE-2020-14928 Injection vulnerability in multiple products
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.
4.3
2020-06-08 CVE-2020-10754 Missing Authentication for Critical Function vulnerability in multiple products
It was found that nmcli, a command line interface to NetworkManager, did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile.
network
low complexity
gnome fedoraproject CWE-306
4.0