Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2020-36427 Unspecified vulnerability in Gnome Gthumb
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
network
gnome
4.3
2021-05-28 CVE-2021-20240 Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products
A flaw was found in gdk-pixbuf in versions before 2.42.0.
8.3
2021-05-26 CVE-2009-3721 Path Traversal vulnerability in multiple products
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF.
6.8
2021-05-26 CVE-2021-20297 Improper Input Validation vulnerability in multiple products
A flaw was found in NetworkManager in versions before 1.30.0.
local
low complexity
gnome redhat fedoraproject CWE-20
2.1
2021-05-25 CVE-2016-20011 Improper Certificate Validation vulnerability in Gnome Libgrss
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection.
network
low complexity
gnome CWE-295
5.0
2021-05-24 CVE-2021-33516 Unspecified vulnerability in Gnome Gupnp
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5.
network
gnome
5.8
2021-04-07 CVE-2020-36314 Path Traversal vulnerability in multiple products
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
high complexity
gnome fedoraproject CWE-22
2.6
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
2.1
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome fedoraproject CWE-59
5.0
2021-02-15 CVE-2021-27219 Incorrect Conversion Between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3.
network
low complexity
gnome fedoraproject CWE-681
5.0