Vulnerabilities > Gnome > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2020-36314 Link Following vulnerability in multiple products
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
3.9
2021-02-01 CVE-2021-3349 Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API.
local
low complexity
gnome CWE-345
3.3
2020-04-13 CVE-2020-11736 Link Following vulnerability in multiple products
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome debian canonical CWE-59
3.9
2019-11-05 CVE-2016-1000002 Information Exposure vulnerability in multiple products
gdm3 3.14.2 and possibly later has an information leak before screen lock
2.4
2016-10-25 CVE-2016-1000033 Improper Certificate Validation vulnerability in multiple products
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
network
high complexity
gnome redhat CWE-295
3.7