Export limit exceeded: 366042 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6196 2 Gnome, Redhat 2 Libgepub, Enterprise Linux 2025-11-06 5.5 Medium
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
CVE-2024-52532 2 Gnome, Redhat 2 Libsoup, Enterprise Linux 2025-11-03 7.5 High
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52531 2 Gnome, Redhat 8 Libsoup, Camel K, Enterprise Linux and 5 more 2025-11-03 6.5 Medium
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
CVE-2024-52530 2 Gnome, Redhat 7 Libsoup, Enterprise Linux, Rhel Aus and 4 more 2025-11-03 7.5 High
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-42415 1 Gnome 1 Libgsf 2025-11-03 8.4 High
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-36474 1 Gnome 1 Libgsf 2025-11-03 8.4 High
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-1736 2 Canonical, Gnome 2 Ubuntu Linux, Gnome-remote-desktop 2025-08-26 9.8 Critical
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVE-2023-5616 2 Canonical, Gnome 2 Ubuntu Linux, Control Center 2025-08-26 4.9 Medium
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
CVE-2023-43091 2 Gnome, Gnome Maps 2 Gnome-maps, Gnome Maps 2025-08-06 9.8 Critical
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
CVE-2024-52533 4 Debian, Gnome, Netapp and 1 more 5 Debian Linux, Glib, Active Iq Unified Manager and 2 more 2025-06-17 9.8 Critical
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVE-2020-36774 1 Gnome 1 Glade 2025-05-07 5.5 Medium
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
CVE-2022-37290 2 Fedoraproject, Gnome 2 Fedora, Nautilus 2025-05-01 5.5 Medium
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
CVE-2020-29385 3 Canonical, Fedoraproject, Gnome 3 Ubuntu Linux, Fedora, Gdk-pixbuf 2025-04-29 5.5 Medium
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
CVE-2017-1000159 1 Gnome 1 Evince 2025-04-20 N/A
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVE-2017-1000044 1 Gnome 1 Gtk-vnc 2025-04-20 N/A
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
CVE-2017-8834 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 6.5 Medium
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2017-14604 3 Debian, Gnome, Redhat 3 Debian Linux, Nautilus, Enterprise Linux 2025-04-20 6.5 Medium
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
CVE-2017-6314 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-6313 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 7.1 High
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6312 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.