A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-22
Updated
2023-09-26
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Max CVSS
5.5
EPSS Score
0.16%
Published
2023-07-22
Updated
2024-01-24
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-09-14
Updated
2023-11-27
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-09-14
Updated
2023-11-27
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-11-14
Updated
2023-03-01
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
Max CVSS
6.1
EPSS Score
0.20%
Published
2021-12-16
Updated
2022-08-19
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
Max CVSS
6.1
EPSS Score
0.20%
Published
2021-12-16
Updated
2022-08-19
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
Max CVSS
6.1
EPSS Score
0.10%
Published
2021-12-16
Updated
2022-01-21
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
Max CVSS
6.1
EPSS Score
0.20%
Published
2021-12-16
Updated
2022-08-19
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Max CVSS
5.9
EPSS Score
0.20%
Published
2021-08-22
Updated
2021-12-16
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Max CVSS
5.9
EPSS Score
0.09%
Published
2021-08-22
Updated
2021-08-30
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Max CVSS
5.9
EPSS Score
0.11%
Published
2021-08-22
Updated
2021-11-28
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Max CVSS
5.9
EPSS Score
0.13%
Published
2021-08-22
Updated
2023-11-07
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Max CVSS
5.9
EPSS Score
0.11%
Published
2021-08-22
Updated
2021-11-28
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-17
Updated
2022-05-20
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Max CVSS
5.3
EPSS Score
0.93%
Published
2021-03-11
Updated
2023-02-03
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
Max CVSS
6.1
EPSS Score
0.05%
Published
2022-02-18
Updated
2022-12-03
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
Max CVSS
5.5
EPSS Score
0.04%
Published
2021-05-26
Updated
2021-06-03
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-04-29
Updated
2023-02-03
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Max CVSS
5.5
EPSS Score
0.07%
Published
2022-08-23
Updated
2023-04-25
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
Max CVSS
3.3
EPSS Score
0.06%
Published
2021-02-01
Updated
2024-03-21
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
Max CVSS
5.5
EPSS Score
0.06%
Published
2021-07-19
Updated
2021-07-28
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Max CVSS
3.9
EPSS Score
0.06%
Published
2021-04-07
Updated
2022-06-28
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-02-05
Updated
2022-04-08
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Max CVSS
5.5
EPSS Score
0.18%
Published
2020-12-26
Updated
2021-03-22
165 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!