Vulnerabilities > Gnome > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2019-3890 | Improper Certificate Validation vulnerability in multiple products It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. | 8.1 |
| 2019-07-15 | CVE-2019-1010006 | Integer Overflow or Wraparound vulnerability in multiple products Evince 3.26.0 is affected by buffer overflow. | 7.8 |
| 2019-06-28 | CVE-2019-13012 | Incorrect Permission Assignment for Critical Resource vulnerability in Gnome Glib The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). | 7.5 |
| 2019-06-11 | CVE-2019-12795 | Incorrect Default Permissions vulnerability in Gnome Gvfs daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. | 7.8 |
| 2019-05-29 | CVE-2019-12448 | Race Condition vulnerability in Gnome Gvfs An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. | 8.1 |
| 2019-05-29 | CVE-2019-12447 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. | 7.3 |
| 2019-04-22 | CVE-2019-11461 | Unspecified vulnerability in Gnome Nautilus An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. | 7.8 |
| 2019-03-25 | CVE-2019-3827 | Incorrect Authorization vulnerability in Gnome Gvfs An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. | 7.0 |
| 2019-03-07 | CVE-2017-12447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | 7.8 |
| 2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. | 7.8 |