Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2020-36314 Path Traversal vulnerability in Gnome File-Roller
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
high complexity
gnome CWE-22
2.6
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
2.1
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome fedoraproject CWE-59
5.0
2021-02-15 CVE-2021-27219 Incorrect Conversion Between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3.
network
low complexity
gnome fedoraproject CWE-681
5.0
2021-02-15 CVE-2021-27218 Incorrect Conversion Between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4.
network
low complexity
gnome fedoraproject CWE-681
5.0
2021-02-08 CVE-2020-14391 Insufficiently Protected Credentials vulnerability in Gnome Control Center
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface.
local
low complexity
gnome CWE-522
2.1
2021-02-05 CVE-2020-36241 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome fedoraproject CWE-59
2.1
2021-02-01 CVE-2021-3349 Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution
** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API.
local
low complexity
gnome CWE-345
2.1
2020-12-28 CVE-2020-27837 Race Condition vulnerability in Gnome Display Manager
A flaw was found in GDM in versions prior to 3.38.2.1.
local
gnome CWE-362
4.4
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
4.3