Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-26	CVE-2017-12164	Improper Initialization vulnerability in Gnome Display Manager 3.24.1 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. high complexity gnome CWE-665	6.4
2018-06-04	CVE-2018-11713	WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. network low complexity webkitgtk gnome	6.5
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-05-06	CVE-2018-10767	Out-of-bounds Read vulnerability in multiple products There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. network low complexity gnome redhat CWE-125	6.5
2018-05-04	CVE-2018-10733	Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. network low complexity gnome redhat opensuse CWE-125	6.5
2017-09-20	CVE-2017-14604	Improper Input Validation vulnerability in multiple products GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. network low complexity gnome debian CWE-20	6.5
2017-09-05	CVE-2017-14108	Resource Exhaustion vulnerability in Gnome Gedit 3.22.1 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. local low complexity gnome CWE-400	5.5
2017-07-11	CVE-2017-11171	Infinite Loop vulnerability in Gnome Gnome-Session 2.29.92 Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). local low complexity gnome CWE-835	5.5
2017-06-12	CVE-2017-8871	Infinite Loop vulnerability in multiple products The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. network low complexity gnome opensuse CWE-835	6.5
2017-06-12	CVE-2017-8834	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. network low complexity gnome opensuse CWE-119	6.5