Vulnerabilities > Gnome
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2020-12-28 | CVE-2020-27837 | Race Condition vulnerability in Gnome Display Manager | A flaw was found in GDM in versions prior to 184.108.40.206. | 4.4 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 4.3 |
| 2020-12-14 | CVE-2020-35457 | Integer Overflow or Wraparound vulnerability in Gnome Glib | ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. | 4.6 |
| 2020-11-10 | CVE-2020-16125 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager | gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account. | 4.6 |
| 2020-08-26 | CVE-2020-24661 | Improper Certificate Validation vulnerability in Gnome Geary | GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. | 2.6 |
| 2020-08-11 | CVE-2020-17489 | Insufficiently Protected Credentials vulnerability in Gnome Gnome-Shell | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. | 1.9 |
| 2020-07-29 | CVE-2020-16118 | Null Pointer Dereference vulnerability in Gnome Balsa | In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | 5.0 |
| 2020-07-29 | CVE-2020-16117 | Null Pointer Dereference vulnerability in multiple products | In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. | 4.3 |
| 2020-07-17 | CVE-2020-14928 | Injection vulnerability in multiple products | evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | 4.3 |
| 2020-06-08 | CVE-2020-10754 | Missing Authentication for Critical Function vulnerability in multiple products | It was found that nmcli, a command line interface to NetworkManager, did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. | 4.0 |