
CVE-2021-42522
https://notcve.org/view.php?id=CVE-2021-42522
25 Aug 2022 — There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. • https://gitlab.gnome.org/GNOME/anjuta/-/issues/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2021-46829 – gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files
https://notcve.org/view.php?id=CVE-2021-46829
24 Jul 2022 — GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. • http://www.openwall.com/lists/oss-security/2022/07/25/1 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write •

CVE-2021-3982
https://notcve.org/view.php?id=CVE-2021-3982
29 Apr 2022 — Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 • CWE-273: Improper Check for Dropped Privileges •

CVE-2022-29536 – Gentoo Linux Security Advisory 202405-27
https://notcve.org/view.php?id=CVE-2022-29536
20 Apr 2022 — In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. • https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106 • CWE-787: Out-of-bounds Write •

CVE-2022-27811
https://notcve.org/view.php?id=CVE-2022-27811
24 Mar 2022 — GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. • https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/5286120c8bc8b7ba74e0f9b19b5262b509f38cee • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2021-20315
https://notcve.org/view.php?id=CVE-2021-20315
18 Feb 2022 — A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. • https://bugzilla.redhat.com/show_bug.cgi?id=2006285 • CWE-667: Improper Locking •

CVE-2021-44648 – gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
https://notcve.org/view.php?id=CVE-2021-44648
12 Jan 2022 — GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12. A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwri... • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVE-2021-45086 – Debian Security Advisory 5042-1
https://notcve.org/view.php?id=CVE-2021-45086
16 Dec 2021 — XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cros... • https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-45087 – Debian Security Advisory 5042-1
https://notcve.org/view.php?id=CVE-2021-45087
16 Dec 2021 — XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perfo... • https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-45088 – Debian Security Advisory 5042-1
https://notcve.org/view.php?id=CVE-2021-45088
16 Dec 2021 — XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. Several vulnerabilities have been discovered in Epiphany, the GNOME web browser, allowing XSS attacks under certain circumstances. • https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •