Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-04-22 | CVE-2019-11461 | Unspecified vulnerability in Gnome Nautilus An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. | 7.8 |
| 2019-03-25 | CVE-2019-3827 | Incorrect Authorization vulnerability in Gnome Gvfs An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. | 7.0 |
| 2019-03-08 | CVE-2019-9633 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Glib 2.59.2 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | 6.5 |
| 2019-03-07 | CVE-2017-12447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | 7.8 |
| 2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. | 7.8 |
| 2019-02-11 | CVE-2018-15587 | Improper Verification of Cryptographic Signature vulnerability in multiple products GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 6.5 |
| 2019-02-06 | CVE-2019-3825 | Improper Authentication vulnerability in multiple products A vulnerability was discovered in gdm before 3.31.4. | 6.4 |
| 2019-02-06 | CVE-2019-3820 | Improper Authentication vulnerability in multiple products It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. | 4.3 |
| 2019-01-14 | CVE-2019-6251 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. | 8.1 |