Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-18 CVE-2018-19358 Unspecified vulnerability in Gnome Gnome-Keyring
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320.
local
low complexity
gnome
7.8
2018-09-04 CVE-2018-16429 Out-of-bounds Read vulnerability in multiple products
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
network
low complexity
gnome canonical CWE-125
7.5
2018-09-04 CVE-2018-16428 NULL Pointer Dereference vulnerability in multiple products
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
network
low complexity
gnome canonical CWE-476
7.5
2018-07-26 CVE-2018-10900 OS Command Injection vulnerability in multiple products
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack.
local
low complexity
gnome debian CWE-78
7.2
2018-04-24 CVE-2017-2885 Out-of-bounds Write vulnerability in multiple products
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58.
network
low complexity
gnome debian redhat CWE-787
7.5
2017-09-05 CVE-2017-14108 Resource Exhaustion vulnerability in Gnome Gedit 3.22.1
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
network
gnome CWE-400
7.1
2017-08-18 CVE-2015-2675 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Librest 0.7.92
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
network
low complexity
gnome CWE-119
7.5
2017-07-17 CVE-2017-1000044 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gtk-Vnc 0.4.2
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
network
low complexity
gnome CWE-119
7.5
2017-06-12 CVE-2017-8871 Infinite Loop vulnerability in multiple products
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
7.1
2017-04-19 CVE-2017-7961 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Libcroco 0.6.11/0.6.12
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file.
local
low complexity
gnome CWE-119
7.8