Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43090 A vulnerability was found in GNOME Shell.
local
low complexity
gnome fedoraproject
5.5
5.5
2023-09-14 CVE-2023-32611 Resource Exhaustion vulnerability in Gnome Glib
A flaw was found in GLib.
local
low complexity
gnome CWE-400
5.5
5.5
2023-09-14 CVE-2023-32665 Deserialization of Untrusted Data vulnerability in Gnome Glib
A flaw was found in GLib.
local
low complexity
gnome CWE-502
5.5
5.5
2023-07-22 CVE-2023-38633 Path Traversal vulnerability in multiple products
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
local
low complexity
gnome fedoraproject debian CWE-22
5.5
5.5
2022-11-14 CVE-2022-37290 NULL Pointer Dereference vulnerability in multiple products
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
local
low complexity
gnome fedoraproject CWE-476
5.5
5.5
2022-08-23 CVE-2021-3800 Information Exposure vulnerability in multiple products
A flaw was found in glib before version 2.63.6.
local
low complexity
gnome debian netapp CWE-200
5.5
5.5
2022-04-29 CVE-2021-3982 Improper Check for Dropped Privileges vulnerability in Gnome Gnome-Shell
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue.
local
low complexity
gnome CWE-273
5.5
5.5
2022-02-18 CVE-2021-20315 Improper Locking vulnerability in multiple products
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled.
low complexity
gnome centos CWE-667
6.1
6.1
2021-12-16 CVE-2021-45085 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
network
gnome debian CWE-79
4.3
4.3
2021-12-16 CVE-2021-45086 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
network
gnome debian CWE-79
4.3
4.3