Vulnerabilities > Gnome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-29 | CVE-2019-19451 | Infinite Loop vulnerability in multiple products When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. | 5.5 |
| 2019-11-27 | CVE-2019-19308 | NULL Pointer Dereference vulnerability in Gnome Gnome-Font-Viewer 3.34.0 In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). | 4.3 |
| 2019-11-25 | CVE-2011-3355 | Missing Encryption of Sensitive Data vulnerability in Gnome Evolution-Data-Server3 3.0.3/3.2.1 evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. | 4.3 |
| 2019-11-25 | CVE-2012-5535 | Information Exposure vulnerability in multiple products gnome-system-log polkit policy allows arbitrary files on the system to be read | 5.0 |
| 2019-11-01 | CVE-2013-3718 | Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault | 4.3 |
| 2019-08-01 | CVE-2019-3890 | Improper Certificate Validation vulnerability in multiple products It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. | 5.8 |
| 2019-05-29 | CVE-2019-12449 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. | 5.7 |
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-04-22 | CVE-2019-11461 | Unspecified vulnerability in Gnome Nautilus An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. local gnome | 4.4 |
| 2019-03-08 | CVE-2019-9633 | Improper Input Validation vulnerability in Gnome Glib 2.59.2 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | 4.3 |