Filtered by vendor Gnome
Total: 349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34397 | 4 Debian, Fedoraproject, Gnome and 1 more | 4 Debian Linux, Fedora, Glib and 1 more | 2026-06-17 | N/A | 5.2 MEDIUM |
| An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | |||||
| CVE-2023-5616 | 2 Canonical, Gnome | 2 Ubuntu Linux, Control Center | 2026-06-17 | N/A | 4.9 MEDIUM |
| In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. | |||||
| CVE-2023-5557 | 2 Gnome, Redhat | 2 Tracker Miners, Enterprise Linux | 2026-06-17 | N/A | 7.5 HIGH |
| A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | |||||
| CVE-2023-43091 | 1 Gnome | 1 Gnome-maps | 2026-06-17 | N/A | 9.8 CRITICAL |
| A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | |||||
| CVE-2023-43090 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-shell | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | |||||
| CVE-2023-38633 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Librsvg | 2026-06-17 | N/A | 5.5 MEDIUM |
| A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | |||||
| CVE-2023-36250 | 1 Gnome | 1 Gnome-time Tracker | 2026-06-17 | N/A | 7.8 HIGH |
| CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. | |||||
| CVE-2023-32665 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-32643 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 5.3 MEDIUM |
| A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. | |||||
| CVE-2023-32636 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 4.7 MEDIUM |
| A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. | |||||
| CVE-2023-32611 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-29499 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2026-06-17 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2022-48622 | 1 Gnome | 1 Gdkpixbuf | 2026-06-17 | N/A | 7.8 HIGH |
| In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. | |||||
| CVE-2022-37290 | 2 Fedoraproject, Gnome | 2 Fedora, Nautilus | 2026-06-17 | N/A | 5.5 MEDIUM |
| GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | |||||
| CVE-2022-29536 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Epiphany | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | |||||
| CVE-2022-27811 | 1 Gnome | 1 Ocrfeeder | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | |||||
| CVE-2022-1736 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome-remote-desktop | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | |||||
| CVE-2021-46829 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2026-06-17 | N/A | 7.8 HIGH |
| GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | |||||
| CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | |||||
