Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2019-3890 Improper Certificate Validation vulnerability in multiple products
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates.
network
low complexity
gnome redhat CWE-295
8.1
2019-07-15 CVE-2019-1010006 Integer Overflow or Wraparound vulnerability in multiple products
Evince 3.26.0 is affected by buffer overflow.
local
low complexity
gnome canonical debian opensuse CWE-190
7.8
2019-06-28 CVE-2019-13012 Incorrect Permission Assignment for Critical Resource vulnerability in Gnome Glib
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
network
low complexity
gnome CWE-732
7.5
2019-06-11 CVE-2019-12795 Incorrect Default Permissions vulnerability in Gnome Gvfs
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule.
local
low complexity
gnome CWE-276
7.8
2019-05-29 CVE-2019-12448 Race Condition vulnerability in Gnome Gvfs
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
network
high complexity
gnome CWE-362
8.1
2019-05-29 CVE-2019-12447 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
network
low complexity
gnome canonical opensuse fedoraproject
7.3
2019-04-22 CVE-2019-11461 Unspecified vulnerability in Gnome Nautilus
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1.
local
high complexity
gnome
7.8
2019-03-25 CVE-2019-3827 Incorrect Authorization vulnerability in Gnome Gvfs
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running.
local
high complexity
gnome CWE-863
7.0
2019-03-07 CVE-2017-12447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
local
low complexity
gnome CWE-119
7.8
2019-02-12 CVE-2018-20781 Insufficiently Protected Credentials vulnerability in multiple products
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon.
local
low complexity
gnome canonical oracle CWE-522
7.8