Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome debian fedoraproject broadcom CWE-59
5.3
2021-02-08 CVE-2020-14391 Insufficiently Protected Credentials vulnerability in Gnome Control Center
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface.
local
low complexity
gnome CWE-522
5.5
2021-02-05 CVE-2020-36241 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome fedoraproject CWE-59
5.5
2020-12-28 CVE-2020-27837 Race Condition vulnerability in Gnome Display Manager
A flaw was found in GDM in versions prior to 3.38.2.1.
high complexity
gnome CWE-362
6.4
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
local
low complexity
gnome canonical fedoraproject CWE-835
5.5
2020-11-10 CVE-2020-16125 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
low complexity
gnome CWE-754
6.8
2020-08-26 CVE-2020-24661 Improper Certificate Validation vulnerability in multiple products
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store.
network
high complexity
gnome fedoraproject CWE-295
5.9
2020-08-11 CVE-2020-17489 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4.
4.3
2020-07-29 CVE-2020-16117 NULL Pointer Dereference vulnerability in multiple products
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt.
network
high complexity
gnome debian CWE-476
5.9
2020-07-17 CVE-2020-14928 Injection vulnerability in multiple products
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.
network
high complexity
gnome debian fedoraproject canonical CWE-74
5.9