Vulnerabilities > Gnome > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2019-01-14 | CVE-2019-6251 | | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. | | | | 8.1 |
| 2018-11-18 | CVE-2018-19358 | Unspecified vulnerability in Gnome Gnome-Keyring | GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. | local | low | gnome | 7.8 |
| 2018-10-29 | CVE-2018-18718 | Double Free vulnerability in multiple products | An issue was discovered in gThumb through 3.6.2. | local | low | gnome, debian, CWE-415 | 7.8 |
| 2018-09-04 | CVE-2018-16429 | Out-of-bounds Read vulnerability in multiple products | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | network | low | gnome, canonical, CWE-125 | 7.5 |
| 2018-08-14 | CVE-2018-14424 | Use After Free vulnerability in Gnome Display Manager | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | local | low | gnome, CWE-416 | 7.8 |
| 2018-07-26 | CVE-2018-10900 | OS Command Injection vulnerability in multiple products | Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. | local | low | gnome, debian, CWE-78 | 7.8 |
| 2018-06-07 | CVE-2018-12016 | Unspecified vulnerability in Gnome Epiphany | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | network | low | gnome | 7.5 |
| 2018-05-23 | CVE-2018-11396 | Unspecified vulnerability in Gnome Epiphany | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | network | low | gnome | 7.5 |
| 2018-03-20 | CVE-2018-1000135 | Information Exposure vulnerability in multiple products | GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure (CWE-200) vulnerability in the DNS resolver that can result in private DNS queries being leaked to the local network's DNS servers while on VPN. | network | low | gnome, canonical, CWE-200 | 7.5 |
| 2018-02-09 | CVE-2018-1000041 | | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. | network | low | gnome, debian | 8.8 |