Vulnerabilities > Gnome
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-24 | CVE-2017-11590 | NULL Pointer Dereference vulnerability in Gnome Libgxps 0.2.5: There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. | 7.5 |
2017-07-19 | CVE-2017-11464 | Divide By Zero vulnerability in Gnome Librsvg 2.40.17: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 7.8 |
2017-07-17 | CVE-2017-1000044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gtk-Vnc 0.4.2: gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering. | 9.8 |
2017-07-17 | CVE-2017-1000025 | Information Exposure vulnerability in Gnome Epiphany: GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 7.5 |
2017-07-17 | CVE-2017-1000024 | Cleartext Transmission of Sensitive Information vulnerability in Gnome Shotwell: Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. | 7.5 |
2017-07-11 | CVE-2017-11171 | Infinite Loop vulnerability in Gnome Gnome-Session 2.29.92: Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). | 5.5 |
2017-06-12 | CVE-2017-8871 | Infinite Loop vulnerability in multiple products: The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 6.5 |
2017-06-12 | CVE-2017-8834 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | 6.5 |
2017-04-27 | CVE-2017-8288 | Improper Input Validation vulnerability in Gnome Gnome-Shell: gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. | 8.1 |
2017-04-19 | CVE-2017-7961 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Libcroco 0.6.11/0.6.12: The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. | 7.8 |