Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-20 | CVE-2023-26081 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | 7.5 |
| 2022-12-26 | CVE-2019-25085 | Use After Free vulnerability in Gnome Gvariant Database A vulnerability was found in GNOME gvdb. | 8.8 |
| 2022-11-14 | CVE-2022-37290 | NULL Pointer Dereference vulnerability in multiple products GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | 5.5 |
| 2022-08-25 | CVE-2021-42522 | Memory Leak vulnerability in Gnome Anjuta 2.0.0 There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. | 7.5 |
| 2022-08-23 | CVE-2021-3800 | Information Exposure vulnerability in multiple products A flaw was found in glib before version 2.63.6. | 5.5 |
| 2022-07-24 | CVE-2021-46829 | Integer Overflow or Wraparound vulnerability in multiple products GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. | 7.8 |
| 2022-04-29 | CVE-2021-3982 | Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. | 5.5 |
| 2022-04-20 | CVE-2022-29536 | Out-of-bounds Write vulnerability in multiple products In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. | 7.5 |
| 2022-03-25 | CVE-2021-3567 | Out-of-bounds Write vulnerability in Gnome Caribou A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. | 7.5 |
| 2022-03-24 | CVE-2022-27811 | OS Command Injection vulnerability in Gnome Ocrfeeder GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 9.8 |