Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-28 | CVE-2020-27837 | Race Condition vulnerability in Gnome Display Manager A flaw was found in GDM in versions prior to 3.38.2.1. | 4.4 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 4.3 |
| 2020-12-14 | CVE-2020-35457 | Integer Overflow OR Wraparound vulnerability in Gnome Glib ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. | 4.6 |
| 2020-11-10 | CVE-2020-16125 | Improper Check for Unusual OR Exceptional Conditions vulnerability in Gnome Display Manager gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. | 4.6 |
| 2020-08-26 | CVE-2020-24661 | Improper Certificate Validation vulnerability in Gnome Geary GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. | 2.6 |
| 2020-08-11 | CVE-2020-17489 | Insufficiently Protected Credentials vulnerability in Gnome Gnome-Shell An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. | 1.9 |
| 2020-07-29 | CVE-2020-16118 | Null Pointer Dereference vulnerability in Gnome Balsa In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | 5.0 |
| 2020-07-29 | CVE-2020-16117 | Null Pointer Dereference vulnerability in multiple products In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. | 4.3 |
| 2020-07-17 | CVE-2020-14928 | Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | 4.3 |
| 2020-06-08 | CVE-2020-10754 | Missing Authentication FOR Critical Function vulnerability in multiple products It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. | 4.0 |