Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2021-27218 Incorrect Conversion between Numeric Types vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4.
network
low complexity
gnome fedoraproject debian netapp broadcom CWE-681
7.5
2020-12-14 CVE-2020-35457 Integer Overflow or Wraparound vulnerability in Gnome Glib
GNOME GLib before 2.65.3 has an integer overflow in g_option_group_add_entries that might lead to an out-of-bounds write.
local
low complexity
gnome CWE-190
7.8
2020-07-29 CVE-2020-16118 NULL Pointer Dereference vulnerability in multiple products
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
network
low complexity
gnome opensuse CWE-476
7.5
2020-05-12 CVE-2020-12825 Uncontrolled Recursion vulnerability in Gnome Libcroco
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
network
low complexity
gnome CWE-674
7.1
2020-03-16 CVE-2019-20326 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
local
low complexity
gnome linuxmint debian CWE-787
7.8
2020-02-06 CVE-2013-4166 Information Exposure vulnerability in multiple products
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
network
low complexity
gnome redhat CWE-200
7.5
2019-12-20 CVE-2012-6111 Improper Input Validation vulnerability in multiple products
gnome-keyring does not discard stored secrets when the gnome_keyring_lock_all_sync function is used.
network
low complexity
gnome debian CWE-20
7.5
2019-12-11 CVE-2013-4245 Improper Input Validation vulnerability in multiple products
Orca allows arbitrary code execution due to insecure Python module loading.
local
low complexity
gnome debian CWE-20
7.3
2019-11-25 CVE-2011-3355 Missing Encryption of Sensitive Data vulnerability in Gnome Evolution-Data-Server3 3.0.3/3.2.1
evolution-data-server3 3.0.3 through 3.2.1 used an insecure (non-SSL) connection when attempting to store sent email messages in the Sent folder, when the Sent folder was located on the remote server.
network
low complexity
gnome CWE-311
7.3
2019-11-25 CVE-2012-5535 Information Exposure vulnerability in multiple products
The gnome-system-log polkit policy allows arbitrary files on the system to be read.
network
low complexity
gnome fedoraproject CWE-200
7.5