Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-33516 Unspecified vulnerability in Gnome Gupnp
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5.
network
gnome
5.8
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
5.5
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome debian fedoraproject broadcom CWE-59
5.3
2021-02-08 CVE-2020-14391 Insufficiently Protected Credentials vulnerability in Gnome Control Center
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface.
local
low complexity
gnome CWE-522
5.5
2021-02-05 CVE-2020-36241 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome fedoraproject CWE-59
5.5
2020-12-28 CVE-2020-27837 Race Condition vulnerability in Gnome Display Manager
A flaw was found in GDM in versions prior to 3.38.2.1.
local
gnome CWE-362
4.4
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
local
low complexity
gnome canonical fedoraproject CWE-835
5.5
2020-11-10 CVE-2020-16125 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
local
low complexity
gnome CWE-754
4.6
2020-08-26 CVE-2020-24661 Improper Certificate Validation vulnerability in multiple products
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store.
network
high complexity
gnome fedoraproject CWE-295
5.9
2020-07-29 CVE-2020-16117 NULL Pointer Dereference vulnerability in multiple products
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt.
network
gnome debian CWE-476
4.3