Vulnerabilities > Gnome > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-24 CVE-2022-27811 OS Command Injection vulnerability in Gnome Ocrfeeder
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
network
low complexity
gnome CWE-78
critical
9.8
2020-02-21 CVE-2012-0828 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
network
low complexity
xchat-wdk xchat gnome CWE-787
critical
9.8
2019-11-12 CVE-2011-2897 Improper Input Validation vulnerability in multiple products
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
network
low complexity
gnome redhat debian CWE-20
critical
9.8
2019-10-06 CVE-2019-17266 Out-of-bounds Read vulnerability in multiple products
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
network
low complexity
gnome canonical CWE-125
critical
9.8
2019-07-19 CVE-2019-1010238 Out-of-bounds Write vulnerability in multiple products
Gnome Pango 1.42 and later is affected by: Buffer Overflow.
network
low complexity
gnome oracle fedoraproject debian canonical redhat CWE-787
critical
9.8
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
9.8
2019-04-22 CVE-2019-11460 Improper Input Validation vulnerability in Gnome Gnome-Desktop
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1.
network
high complexity
gnome CWE-20
critical
9.0
2018-09-04 CVE-2018-16428 NULL Pointer Dereference vulnerability in multiple products
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
network
low complexity
gnome canonical CWE-476
critical
9.8
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
critical
9.8
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
9.8