Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2023-26081 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
network
low complexity
gnome fedoraproject CWE-668
7.5
2022-11-14 CVE-2022-37290 NULL Pointer Dereference vulnerability in multiple products
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
local
low complexity
gnome fedoraproject CWE-476
5.5
2022-08-25 CVE-2021-42522 Information Exposure vulnerability in Gnome Anjuta 2.0.0
There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c.
network
low complexity
gnome CWE-200
7.5
2022-08-23 CVE-2021-3800 Information Exposure vulnerability in multiple products
A flaw was found in glib before version 2.63.6.
network
low complexity
gnome debian netapp CWE-200
7.5
2022-07-24 CVE-2021-46829 Out-of-bounds Write vulnerability in multiple products
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.
local
low complexity
gnome fedoraproject debian CWE-787
7.8
2022-04-29 CVE-2021-3982 Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue.
local
low complexity
gnome CWE-273
5.5
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
2022-03-25 CVE-2021-3567 Improper Input Validation vulnerability in Gnome Caribou
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix.
network
low complexity
gnome CWE-20
5.0
2022-03-24 CVE-2022-27811 OS Command Injection vulnerability in Gnome Ocrfeeder
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
network
low complexity
gnome CWE-78
7.5
2022-02-18 CVE-2021-20315 Improper Locking vulnerability in multiple products
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled.
low complexity
gnome centos CWE-667
6.1