Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-29 CVE-2019-19451 Infinite Loop vulnerability in multiple products
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout.
local
low complexity
gnome fedoraproject opensuse CWE-835
5.5
2019-11-27 CVE-2019-19308 NULL Pointer Dereference vulnerability in Gnome Gnome-Font-Viewer 3.34.0
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).
network
gnome CWE-476
4.3
2019-11-25 CVE-2011-3355 Missing Encryption of Sensitive Data vulnerability in Gnome Evolution-Data-Server3 3.0.3/3.2.1
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server.
network
gnome linux CWE-311
4.3
2019-11-25 CVE-2012-5535 Information Exposure vulnerability in multiple products
gnome-system-log polkit policy allows arbitrary files on the system to be read
network
low complexity
gnome fedoraproject CWE-200
5.0
2019-11-01 CVE-2013-3718 Improper Input Validation vulnerability in multiple products
evince is missing a check on number of pages which can lead to a segmentation fault
4.3
2019-08-01 CVE-2019-3890 Improper Certificate Validation vulnerability in multiple products
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates.
network
gnome redhat CWE-295
5.8
2019-05-29 CVE-2019-12449 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
network
low complexity
gnome canonical opensuse fedoraproject CWE-755
5.7
2019-04-22 CVE-2019-11459 Use of Uninitialized Resource vulnerability in multiple products
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
5.5
2019-04-22 CVE-2019-11461 Unspecified vulnerability in Gnome Nautilus
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1.
local
gnome
4.4
2019-03-08 CVE-2019-9633 Improper Input Validation vulnerability in Gnome Glib 2.59.2
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
network
gnome CWE-20
4.3