cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-37290,https://securityvulnerability.io/vulnerability/CVE-2022-37290,NULL Pointer Dereference in GNOME Nautilus Product,"A vulnerability in GNOME Nautilus version 42.2 allows for a NULL pointer dereference when a user pastes a ZIP archive into the application. This flaw can cause the application to crash unexpectedly, potentially disrupting user workflows and data access. Users are advised to avoid pasting malicious ZIP files and to keep their software updated to mitigate risks associated with this issue.",Gnome,Nautilus,5.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-11-14T00:00:00.000Z,0
CVE-2019-11461,https://securityvulnerability.io/vulnerability/CVE-2019-11461,,"An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.",Gnome,Nautilus,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-04-22T20:26:50.000Z,0
CVE-2017-12447,https://securityvulnerability.io/vulnerability/CVE-2017-12447,,"GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.",Gnome,"Gdk-pixbuf,Nautilus",7.8,HIGH,0.0025599999353289604,false,,false,false,false,,,false,false,,2019-03-07T22:00:00.000Z,0
CVE-2017-14604,https://securityvulnerability.io/vulnerability/CVE-2017-14604,,"GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious ""sh -c"" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.",Gnome,Nautilus,6.5,MEDIUM,0.0010999999940395355,false,,false,false,false,,,false,false,,2017-09-20T08:00:00.000Z,0
CVE-2009-0317,https://securityvulnerability.io/vulnerability/CVE-2009-0317,,"Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).",Gnome,Nautilus-python,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2009-01-28T11:00:00.000Z,0