5856 matches found
OESA-2026-2819 gnome-tour security update
A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...
OESA-2026-2818 gnome-tour security update
A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...
OESA-2026-2817 gnome-tour security update
A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...
CVE-2026-13324
A vulnerability has been identified in the GNOME Geary package within its mailto URI handling component. This flaw occurs because the email client automatically processes a non-standard attach parameter in email links without prompting or alerting the user. An attacker could exploit this by...
Astra Linux – Vulnerability in vte2.91
GNOME VTE before version 0.76.3 allowed an attacker to cause a denial of service memory consumption through a window resizing escape sequence, a issue related to CVE-2000-0476...
OESA-2026-2715 gnome-shell security update
The GNOME Shell redefines user interactions with the GNOME desktop. In particular, it offers new paradigms for launching applications, accessing documents, and organizing open windows in GNOME. Later, it will introduce a new applets eco-system and offer new solutions for other desktop features,...
OESA-2026-2714 gnome-shell security update
The GNOME Shell redefines user interactions with the GNOME desktop. In particular, it offers new paradigms for launching applications, accessing documents, and organizing open windows in GNOME. Later, it will introduce a new applets eco-system and offer new solutions for other desktop features,...
EUVD-2026-38604
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
SUSE-SU-2026:2515-1 Security update for openssh, openssh-askpass-gnome
This update for openssh, openssh-askpass-gnome fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...
CVE-2026-6653
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling...
UBUNTU-CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
EUVD-2026-37068
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12322
CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...
CVE-2026-1765
A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...
CVE-2026-1767
A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...
CVE-2026-1764
A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...
EUVD-2026-37028
A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...
CVE-2026-1767
A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...
CVE-2026-1766
CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...
CVE-2026-1766 Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.
A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...