Page 10 of 315 results (0.009 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-3349

https://notcve.org/view.php?id=CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior ** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje "Valid signature" para un identificador desconocido en una clave previamente confiable porque Evolution no recupera suficiente información de la API de GnuPG. NOTA: terceros disputan la importancia de este problema y disputan si Evolution es el mejor lugar para cambiar este comportamiento • https://dev.gnupg.org/T4735 https://gitlab.gnome.org/GNOME/evolution/-/issues/299 https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-27837

https://notcve.org/view.php?id=CVE-2020-27837

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. Se encontró un fallo en GDM en versiones anteriores a 3.38.2.1. Una condición de carrera en el manejo del cierre de sesión hace posible omitir la pantalla de bloqueo para un usuario que tiene habilitado el inicio de sesión automático accediendo a su sesión sin autenticación. • https://bugzilla.redhat.com/show_bug.cgi?id=1906812 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-35457

https://notcve.org/view.php?id=CVE-2020-35457

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented ** EN DISPUTA** GNOME GLib versiones anteriores a 2.65.3, presenta un desbordamiento de enteros, que podría conllevar a una escritura fuera de límites, en la función g_option_group_add_entries. NOTA: la posición del proveedor es "Realistically this is not a security issue". • https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d https://gitlab.gnome.org/GNOME/glib/-/issues/2197 https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-29385

https://notcve.org/view.php?id=CVE-2020-29385

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. GNOME gdk-pixbuf (también se conoce como GdkPixbuf) versiones anteriores a 2.42.2, permite una denegación de servicio (bucle infinito) en el archivo lzw.c en la función write_indexes. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-14391 – gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center

https://notcve.org/view.php?id=CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el Centro de Control de GNOME en Red Hat Enterprise Linux versiones 8 anteriores a 8.2, donde usa inapropiadamente las credenciales Red Hat Customer Portal cuando un usuario registra un sistema mediante la Interfaz de Usuario de Configuración de GNOME. Este fallo permite a un atacante local detecte la contraseña de Red Hat Customer Portal. • https://bugzilla.redhat.com/show_bug.cgi?id=1873093 https://access.redhat.com/security/cve/CVE-2020-14391 • CWE-522: Insufficiently Protected Credentials •