Vulnerabilities > Gnome > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-07 | CVE-2017-12447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus: GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | 6.8 |
2019-02-11 | CVE-2018-15587 | Improper Verification of Cryptographic Signature vulnerability in multiple products: GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 4.3 |
2019-02-06 | CVE-2019-3825 | Improper Authentication vulnerability in multiple products: A vulnerability was discovered in gdm before 3.31.4. | 6.9 |
2019-02-06 | CVE-2019-3820 | Improper Authentication vulnerability in multiple products: It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. | 4.6 |
2018-11-18 | CVE-2008-7320 | Credentials Management vulnerability in Gnome Seahorse: GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. | 6.8 |
2018-10-29 | CVE-2018-18718 | Double Free vulnerability in multiple products: An issue was discovered in gThumb through 3.6.2. | 4.6 |
2018-08-24 | CVE-2018-15120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 4.3 |
2018-08-14 | CVE-2018-14424 | Use After Free vulnerability in Gnome Display Manager: The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | 4.6 |
2018-07-26 | CVE-2017-12164 | Improper Initialization vulnerability in Gnome Display Manager 3.24.1: A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. | 6.9 |
2018-07-20 | CVE-2016-10727 | Information Exposure vulnerability in multiple products: camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |