Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2022-37290 | NULL Pointer Dereference vulnerability in Gnome Nautilus 42.2 GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | 5.5 |
| 2022-08-23 | CVE-2021-3800 | Information Exposure vulnerability in multiple products A flaw was found in glib before version 2.63.6. | 7.5 |
| 2022-07-24 | CVE-2021-46829 | Out-of-bounds Write vulnerability in multiple products GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. | 7.8 |
| 2022-04-29 | CVE-2021-3982 | Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. | 5.5 |
| 2022-04-20 | CVE-2022-29536 | Out-of-bounds Write vulnerability in multiple products In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. | 7.5 |
| 2022-03-25 | CVE-2021-3567 | Improper Input Validation vulnerability in Gnome Caribou A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. | 5.0 |
| 2022-03-24 | CVE-2022-27811 | OS Command Injection vulnerability in Gnome Ocrfeeder GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 7.5 |
| 2022-02-18 | CVE-2021-20315 | Improper Locking vulnerability in multiple products A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. | 6.1 |
| 2022-01-12 | CVE-2021-44648 | Out-of-bounds Write vulnerability in multiple products GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | 8.8 |
| 2021-12-16 | CVE-2021-45085 | Cross-site Scripting vulnerability in multiple products XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | 4.3 |