Filtered by vendor Gnome
Subscribe
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2132 | 1 Gnome | 1 Libsoup | 2025-04-11 | 5.0 MEDIUM | N/A |
| libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | |||||
| CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2025-04-11 | 3.3 LOW | N/A |
| gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
| CVE-2011-0727 | 1 Gnome | 1 Gdm | 2025-04-11 | 6.9 MEDIUM | N/A |
| GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
| CVE-2009-3289 | 3 Gnome, Opensuse, Suse | 3 Glib, Opensuse, Suse Linux Enterprise Server | 2025-04-09 | 4.4 MEDIUM | 7.8 HIGH |
| The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | |||||
| CVE-2008-4316 | 1 Gnome | 1 Glib | 2025-04-09 | 4.6 MEDIUM | N/A |
| Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. | |||||
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2008-5660 | 1 Gnome | 1 Vinagre | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | |||||
| CVE-2007-3381 | 1 Gnome | 1 Gdm | 2025-04-09 | 1.5 LOW | N/A |
| The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | |||||
| CVE-2009-1631 | 1 Gnome | 1 Evolution | 2025-04-09 | 2.1 LOW | N/A |
| The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2009-4144 | 1 Gnome | 1 Networkmanager | 2025-04-09 | 6.8 MEDIUM | N/A |
| NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. | |||||
| CVE-2008-1108 | 1 Gnome | 1 Evolution | 2025-04-09 | 7.6 HIGH | N/A |
| Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | |||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2025-04-09 | 2.1 LOW | N/A |
| The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | |||||
| CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | |||||
| CVE-2008-0668 | 2 Gnome, Redhat | 2 Gnumeric, Fedora | 2025-04-09 | 9.3 HIGH | N/A |
| The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2025-04-09 | 5.8 MEDIUM | N/A |
| The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2025-04-09 | 1.9 LOW | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
| CVE-2009-2404 | 4 Aol, Gnome, Mozilla and 1 more | 7 Instant Messenger, Evolution, Firefox and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | |||||
| CVE-2007-5007 | 1 Gnome | 1 Balsa | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||||
| CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||