Filtered by vendor Gnome
Total: 347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2026-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | |||||
| CVE-2005-0372 | 1 Gnome | 1 Gtk | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | |||||
| CVE-2003-0541 | 1 Gnome | 1 Gtkhtml | 2026-04-16 | 5.0 MEDIUM | N/A |
| gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. | |||||
| CVE-2003-0548 | 2 Gnome, Redhat | 4 Gdm, Enterprise Linux, Kdebase and 1 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | |||||
| CVE-2005-0891 | 1 Gnome | 1 Gtk | 2026-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | |||||
| CVE-2005-2975 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2026-04-16 | 7.8 HIGH | N/A |
| io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. | |||||
| CVE-2004-0788 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2026-04-16 | 5.0 MEDIUM | N/A |
| Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. | |||||
| CVE-2005-0023 | 1 Gnome | 2 Libvte4, Libzvt2 | 2026-04-16 | 2.1 LOW | N/A |
| gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. | |||||
| CVE-2000-0864 | 1 Gnome | 1 Esound | 2026-04-16 | 6.2 MEDIUM | N/A |
| Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | |||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2026-04-16 | 7.5 HIGH | N/A |
| The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
| CVE-2006-1057 | 1 Gnome | 1 Gdm | 2026-04-16 | 3.7 LOW | N/A |
| Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | |||||
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2026-04-16 | 7.2 HIGH | N/A |
| GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2006-0040 | 1 Gnome | 1 Evolution | 2026-04-16 | 5.0 MEDIUM | N/A |
| GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | |||||
| CVE-2003-0133 | 1 Gnome | 1 Gtkhtml | 2026-04-16 | 5.0 MEDIUM | N/A |
| GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. | |||||
| CVE-2026-1801 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-26 | N/A | 5.3 MEDIUM |
| A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure. | |||||
| CVE-2026-1467 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-25 | N/A | 5.8 MEDIUM |
| A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services. | |||||
| CVE-2026-1536 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-25 | N/A | 5.8 MEDIUM |
| A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction. | |||||
| CVE-2026-1539 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-25 | N/A | 5.8 MEDIUM |
| A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. | |||||
| CVE-2026-2443 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-23 | N/A | 5.3 MEDIUM |
| A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component. | |||||
| CVE-2026-3099 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-23 | N/A | 5.8 MEDIUM |
| A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user. | |||||
