Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2022-11-14 CVE-2022-37290 NULL Pointer Dereference vulnerability in Gnome Nautilus 42.2
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
local
low complexity
gnome CWE-476
5.5
2022-08-23 CVE-2021-3800 Information Exposure vulnerability in multiple products
A flaw was found in glib before version 2.63.6.
network
low complexity
gnome debian CWE-200
7.5
2022-07-24 CVE-2021-46829 Out-of-bounds Write vulnerability in multiple products
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.
local
low complexity
gnome fedoraproject debian CWE-787
7.8
2022-04-29 CVE-2021-3982 Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue.
local
low complexity
gnome CWE-273
5.5
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
2022-03-25 CVE-2021-3567 Improper Input Validation vulnerability in Gnome Caribou
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix.
network
low complexity
gnome CWE-20
5.0
2022-03-24 CVE-2022-27811 OS Command Injection vulnerability in Gnome Ocrfeeder
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
network
low complexity
gnome CWE-78
7.5
2022-02-18 CVE-2021-20315 Improper Locking vulnerability in multiple products
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled.
low complexity
gnome centos CWE-667
6.1
2022-01-12 CVE-2021-44648 Out-of-bounds Write vulnerability in multiple products
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
network
low complexity
gnome fedoraproject debian CWE-787
8.8
2021-12-16 CVE-2021-45085 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
network
gnome debian CWE-79
4.3