Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-15 | CVE-2021-27219 | Incorrect Conversion between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. | 7.5 |
| 2021-02-15 | CVE-2021-27218 | Incorrect Conversion between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. | 7.5 |
| 2021-02-08 | CVE-2020-14391 | Insufficiently Protected Credentials vulnerability in Gnome Control Center A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. | 5.5 |
| 2021-02-05 | CVE-2020-36241 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 5.5 |
| 2021-02-01 | CVE-2021-3349 | Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. | 3.3 |
| 2020-12-28 | CVE-2020-27837 | Race Condition vulnerability in Gnome Display Manager A flaw was found in GDM in versions prior to 3.38.2.1. | 4.4 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 5.5 |
| 2020-12-14 | CVE-2020-35457 | Integer Overflow or Wraparound vulnerability in Gnome Glib GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. | 7.8 |
| 2020-11-10 | CVE-2020-16125 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. | 4.6 |
| 2020-08-26 | CVE-2020-24661 | Improper Certificate Validation vulnerability in multiple products GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. | 5.9 |