Shodan
Vulnerabilities
Vulnerable Software
Gnome:  Security Vulnerabilities
CVE-2019-19308
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).
CVSS Score
5.5
EPSS Score
0.003
Published
2019-11-27
CVE-2011-3355
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
CVSS Score
7.3
EPSS Score
0.002
Published
2019-11-25
CVE-2012-5535
gnome-system-log polkit policy allows arbitrary files on the system to be read
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-25
CVE-2011-2897
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVSS Score
9.8
EPSS Score
0.01
Published
2019-11-12
CVE-2016-1000002
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVSS Score
2.4
EPSS Score
0.002
Published
2019-11-05
CVE-2013-3718
evince is missing a check on number of pages which can lead to a segmentation fault
CVSS Score
5.5
EPSS Score
0.005
Published
2019-11-01
CVE-2019-17266
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-10-06
CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVSS Score
4.3
EPSS Score
0.016
Published
2019-09-21
CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-08-01
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVSS Score
9.8
EPSS Score
0.029
Published
2019-07-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved