Vulnerabilities > Gnome > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-26 | CVE-2017-12164 | Improper Initialization vulnerability in Gnome Display Manager 3.24.1 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. | 6.4 |
2018-06-04 | CVE-2018-11713 | WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. | 6.5 |
2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9 |
2018-05-06 | CVE-2018-10767 | Out-of-bounds Read vulnerability in multiple products There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. | 6.5 |
2018-05-04 | CVE-2018-10733 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. | 6.5 |
2017-09-20 | CVE-2017-14604 | Improper Input Validation vulnerability in multiple products GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. | 6.5 |
2017-09-05 | CVE-2017-14108 | Resource Exhaustion vulnerability in Gnome Gedit 3.22.1 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | 5.5 |
2017-07-11 | CVE-2017-11171 | Infinite Loop vulnerability in Gnome Gnome-Session 2.29.92 Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). | 5.5 |
2017-06-12 | CVE-2017-8871 | Infinite Loop vulnerability in multiple products The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 6.5 |
2017-06-12 | CVE-2017-8834 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | 6.5 |