Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-07 CVE-2017-12447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
6.8
2019-02-11 CVE-2018-15587 Improper Verification of Cryptographic Signature vulnerability in multiple products
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
network
gnome debian CWE-347
4.3
2019-02-06 CVE-2019-3825 Improper Authentication vulnerability in multiple products
A vulnerability was discovered in gdm before 3.31.4.
6.9
2019-02-06 CVE-2019-3820 Improper Authentication vulnerability in multiple products
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions.
local
low complexity
gnome opensuse canonical CWE-287
4.6
2018-11-18 CVE-2008-7320 Credentials Management vulnerability in Gnome Seahorse
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked.
low complexity
gnome CWE-255
6.8
2018-10-29 CVE-2018-18718 Double Free vulnerability in multiple products
An issue was discovered in gThumb through 3.6.2.
local
low complexity
gnome debian CWE-415
4.6
2018-08-24 CVE-2018-15120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
4.3
2018-08-14 CVE-2018-14424 Use After Free vulnerability in Gnome Display Manager
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
local
low complexity
gnome CWE-416
4.6
2018-07-26 CVE-2017-12164 Improper Initialization vulnerability in Gnome Display Manager 3.24.1
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin.
local
gnome CWE-665
6.9
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
5.0