Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnome Subscribe
Total 295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11459 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVE-2023-26081 2 Fedoraproject, Gnome 2 Fedora, Epiphany 2023-03-01 N/A 7.5 HIGH
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVE-2022-37290 2 Fedoraproject, Gnome 2 Fedora, Nautilus 2023-03-01 N/A 5.5 MEDIUM
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
CVE-2013-1978 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2023-02-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
CVE-2013-1799 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2023-02-12 4.3 MEDIUM N/A
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
CVE-2013-1913 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2023-02-12 6.8 MEDIUM N/A
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2012-2370 1 Gnome 1 Gdk-pixbuf 2023-02-12 5.0 MEDIUM N/A
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
CVE-2011-3201 3 Gnome, Oracle, Redhat 5 Evolution, Solaris, Enterprise Linux Desktop and 2 more 2023-02-12 4.3 MEDIUM N/A
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
CVE-2010-0732 2 Gnome, Gtk 2 Screensaver, Gtk\+ 2023-02-12 6.2 MEDIUM N/A
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
CVE-2011-0020 2 Gnome, Pango 2 Pango, Pango 2023-02-12 7.6 HIGH N/A
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVE-2009-3609 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more 6 Xpdf, Pdftops, Xpdfreader and 3 more 2023-02-12 4.3 MEDIUM N/A
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2009-3608 7 Foolabs, Glyph And Cog, Glyphandcog and 4 more 7 Xpdf, Pdftops, Xpdfreader and 4 more 2023-02-12 9.3 HIGH N/A
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2008-4316 1 Gnome 1 Glib 2023-02-12 4.6 MEDIUM N/A
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
CVE-2009-3604 5 Foolabs, Glyphandcog, Gnome and 2 more 5 Xpdf, Xpdfreader, Gpdf and 2 more 2023-02-12 9.3 HIGH N/A
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
CVE-2015-2675 1 Gnome 1 Librest 2023-02-12 5.0 MEDIUM 7.5 HIGH
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVE-2015-0272 4 Canonical, Gnome, Oracle and 1 more 9 Ubuntu Linux, Networkmanager, Linux and 6 more 2023-02-12 5.0 MEDIUM N/A
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2013-4166 2 Gnome, Redhat 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more 2023-02-12 5.0 MEDIUM 7.5 HIGH
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVE-2020-14391 2 Gnome, Redhat 5 Control Center, Enterprise Linux, Enterprise Linux Aus and 2 more 2023-02-12 2.1 LOW 5.5 MEDIUM
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
CVE-2017-5885 2 Fedoraproject, Gnome 2 Fedora, Gtk-vnc 2023-02-12 7.5 HIGH 9.8 CRITICAL
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
CVE-2017-5884 2 Fedoraproject, Gnome 2 Fedora, Gtk-vnc 2023-02-12 6.8 MEDIUM 7.8 HIGH
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.