Vulnerabilities > Gnome > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-14 | CVE-2019-6251 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. | 8.1 |
| 2018-11-18 | CVE-2018-19358 | Unspecified vulnerability in Gnome Gnome-Keyring GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. | 7.8 |
| 2018-10-29 | CVE-2018-18718 | Double Free vulnerability in multiple products An issue was discovered in gThumb through 3.6.2. | 7.8 |
| 2018-09-04 | CVE-2018-16429 | Out-of-bounds Read vulnerability in multiple products GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | 7.5 |
| 2018-08-14 | CVE-2018-14424 | Use After Free vulnerability in Gnome Display Manager The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | 7.8 |
| 2018-07-26 | CVE-2018-10900 | OS Command Injection vulnerability in multiple products Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. | 7.8 |
| 2018-06-07 | CVE-2018-12016 | Unspecified vulnerability in Gnome Epiphany libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | 7.5 |
| 2018-05-23 | CVE-2018-11396 | Unspecified vulnerability in Gnome Epiphany ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | 7.5 |
| 2018-03-20 | CVE-2018-1000135 | Information Exposure vulnerability in multiple products GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. | 7.5 |
| 2018-02-09 | CVE-2018-1000041 | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. | 8.8 |