Vulnerabilities > Gnome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2013-3718 | Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault | 5.5 |
| 2019-09-21 | CVE-2019-16680 | Path Traversal vulnerability in multiple products An issue was discovered in GNOME file-roller before 3.29.91. | 4.3 |
| 2019-05-29 | CVE-2019-12449 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. | 5.7 |
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-03-08 | CVE-2019-9633 | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Glib 2.59.2 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | 6.5 |
| 2019-02-11 | CVE-2018-15587 | Improper Verification of Cryptographic Signature vulnerability in multiple products GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 6.5 |
| 2019-02-06 | CVE-2019-3825 | Improper Authentication vulnerability in multiple products A vulnerability was discovered in gdm before 3.31.4. | 6.4 |
| 2019-02-06 | CVE-2019-3820 | Improper Authentication vulnerability in multiple products It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. | 4.3 |
| 2018-11-18 | CVE-2008-7320 | Credentials Management vulnerability in Gnome Seahorse GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. | 6.8 |
| 2018-08-24 | CVE-2018-15120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 6.5 |