Vulnerabilities > Gnome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. | 5.3 |
| 2021-02-08 | CVE-2020-14391 | Insufficiently Protected Credentials vulnerability in Gnome Control Center A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. | 5.5 |
| 2021-02-05 | CVE-2020-36241 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 5.5 |
| 2020-12-28 | CVE-2020-27837 | Race Condition vulnerability in Gnome Display Manager A flaw was found in GDM in versions prior to 3.38.2.1. | 6.4 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 5.5 |
| 2020-11-10 | CVE-2020-16125 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. | 6.8 |
| 2020-08-26 | CVE-2020-24661 | Improper Certificate Validation vulnerability in multiple products GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. | 5.9 |
| 2020-08-11 | CVE-2020-17489 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. | 4.3 |
| 2020-07-29 | CVE-2020-16117 | NULL Pointer Dereference vulnerability in multiple products In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. | 5.9 |
| 2020-07-17 | CVE-2020-14928 | Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | 5.9 |