Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2017-12164 Improper Initialization vulnerability in Gnome Display Manager 3.24.1
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin.
high complexity
gnome CWE-665
6.4
2018-06-04 CVE-2018-11713 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections.
network
low complexity
webkitgtk gnome
6.5
2018-05-16 CVE-2017-17689 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. 5.9
2018-05-06 CVE-2018-10767 Out-of-bounds Read vulnerability in multiple products
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call.
network
low complexity
gnome redhat CWE-125
6.5
2018-05-04 CVE-2018-10733 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0.
network
low complexity
gnome redhat opensuse CWE-125
6.5
2017-09-20 CVE-2017-14604 Improper Input Validation vulnerability in multiple products
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.
network
low complexity
gnome debian CWE-20
6.5
2017-09-05 CVE-2017-14108 Resource Exhaustion vulnerability in Gnome Gedit 3.22.1
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
local
low complexity
gnome CWE-400
5.5
2017-07-11 CVE-2017-11171 Infinite Loop vulnerability in Gnome Gnome-Session 2.29.92
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie).
local
low complexity
gnome CWE-835
5.5
2017-06-12 CVE-2017-8871 Infinite Loop vulnerability in multiple products
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
network
low complexity
gnome opensuse CWE-835
6.5
2017-06-12 CVE-2017-8834 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
network
low complexity
gnome opensuse CWE-119
6.5