Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-07 | CVE-2020-36314 | Path Traversal vulnerability in Gnome File-Roller fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 2.6 |
| 2021-03-17 | CVE-2021-28650 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 2.1 |
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. | 5.0 |
| 2021-02-15 | CVE-2021-27219 | Incorrect Conversion Between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. | 5.0 |
| 2021-02-15 | CVE-2021-27218 | Incorrect Conversion Between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. | 5.0 |
| 2021-02-08 | CVE-2020-14391 | Insufficiently Protected Credentials vulnerability in Gnome Control Center A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. | 2.1 |
| 2021-02-05 | CVE-2020-36241 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 2.1 |
| 2021-02-01 | CVE-2021-3349 | Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. | 2.1 |
| 2020-12-28 | CVE-2020-27837 | Race Condition vulnerability in Gnome Display Manager A flaw was found in GDM in versions prior to 3.38.2.1. | 4.4 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 4.3 |