Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2018-12016 Unspecified vulnerability in Gnome Epiphany
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
network
low complexity
gnome
5.0
2018-06-04 CVE-2018-11713 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections.
network
webkitgtk gnome
4.3
2018-05-23 CVE-2018-11396 Unspecified vulnerability in Gnome Epiphany
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
network
low complexity
gnome
5.0
2018-05-16 CVE-2017-17689 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. 4.3
2018-05-06 CVE-2018-10767 Out-of-bounds Read vulnerability in multiple products
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call.
network
gnome redhat CWE-125
4.3
2018-05-04 CVE-2018-10733 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0.
4.3
2018-03-20 CVE-2018-1000135 Information Exposure vulnerability in multiple products
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN.
network
low complexity
gnome canonical CWE-200
5.0
2018-02-09 CVE-2018-1000041 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB.
network
gnome debian
4.3
2018-01-12 CVE-2018-5345 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
6.8
2018-01-02 CVE-2017-1000422 Integer Overflow or Wraparound vulnerability in multiple products
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
6.8