Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-01 CVE-2013-3718 Improper Input Validation vulnerability in multiple products
evince is missing a check on number of pages which can lead to a segmentation fault
local
low complexity
gnome debian redhat opensuse CWE-20
5.5
2019-09-21 CVE-2019-16680 Path Traversal vulnerability in multiple products
An issue was discovered in GNOME file-roller before 3.29.91.
network
low complexity
gnome redhat debian canonical CWE-22
4.3
2019-05-29 CVE-2019-12449 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
network
low complexity
gnome canonical opensuse fedoraproject CWE-755
5.7
2019-04-22 CVE-2019-11459 Use of Uninitialized Resource vulnerability in multiple products
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
5.5
2019-03-08 CVE-2019-9633 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Glib 2.59.2
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
network
low complexity
gnome CWE-754
6.5
2019-02-11 CVE-2018-15587 Improper Verification of Cryptographic Signature vulnerability in multiple products
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
network
low complexity
gnome debian CWE-347
6.5
2019-02-06 CVE-2019-3825 Improper Authentication vulnerability in multiple products
A vulnerability was discovered in gdm before 3.31.4.
high complexity
gnome canonical redhat CWE-287
6.4
2019-02-06 CVE-2019-3820 Improper Authentication vulnerability in multiple products
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions.
low complexity
gnome opensuse canonical CWE-287
4.3
2018-11-18 CVE-2008-7320 Credentials Management vulnerability in Gnome Seahorse
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked.
low complexity
gnome CWE-255
6.8
2018-08-24 CVE-2018-15120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
network
low complexity
gnome canonical CWE-119
6.5