Filtered by vendor Gnome
Subscribe
Search
Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2013-04-02 | 4.3 MEDIUM | N/A |
| Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | |||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2013-03-18 | 7.2 HIGH | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
| CVE-2011-3635 | 1 Gnome | 1 Empathy | 2012-11-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | |||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2012-10-31 | 2.1 LOW | N/A |
| The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | |||||
| CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2012-10-02 | 6.8 MEDIUM | N/A |
| The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | |||||
| CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2012-09-13 | 6.8 MEDIUM | N/A |
| librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | |||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2012-09-05 | 3.3 LOW | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | |||||
| CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2012-08-08 | 3.3 LOW | N/A |
| gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
| CVE-2011-2485 | 1 Gnome | 1 Gdk-pixbuf | 2012-07-03 | 4.3 MEDIUM | N/A |
| The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | |||||
| CVE-2011-4170 | 1 Gnome | 1 Empathy | 2012-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | |||||
| CVE-2012-0039 | 1 Gnome | 1 Glib | 2012-02-08 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | |||||
| CVE-2011-2524 | 1 Gnome | 1 Libsoup | 2012-02-02 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | |||||
| CVE-2011-3364 | 1 Gnome | 2 Ifcfg-rh Plug-in, Networkmanager | 2012-01-19 | 6.9 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. | |||||
| CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2012-01-19 | 2.1 LOW | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | |||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2011-09-07 | 7.2 HIGH | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
| CVE-2008-0668 | 2 Gnome, Redhat | 2 Gnumeric, Fedora | 2011-03-08 | 9.3 HIGH | N/A |
| The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5007 | 1 Gnome | 1 Balsa | 2011-03-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2011-03-08 | 1.9 LOW | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
| CVE-2010-4005 | 1 Gnome | 1 Tomboy | 2011-03-01 | 6.9 MEDIUM | N/A |
| The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. | |||||
| CVE-2010-3312 | 1 Gnome | 1 Epiphany | 2011-02-17 | 5.8 MEDIUM | N/A |
| Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | |||||
| CVE-2010-4000 | 1 Gnome | 1 Gnome-shell | 2010-11-08 | 6.9 MEDIUM | N/A |
| gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-2713 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2010-09-09 | 6.8 MEDIUM | N/A |
| The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. | |||||
| CVE-2009-4997 | 1 Gnome | 1 Power Manager | 2010-09-08 | 7.2 HIGH | N/A |
| gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. | |||||
| CVE-2006-7240 | 1 Gnome | 1 Power Manager | 2010-09-08 | 7.2 HIGH | N/A |
| gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | |||||
| CVE-2009-4641 | 1 Gnome | 1 Screensaver | 2010-07-07 | 7.2 HIGH | N/A |
| gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | |||||
| CVE-2010-0732 | 2 Gnome, Gtk | 2 Screensaver, Gtk\+ | 2010-06-05 | 6.2 MEDIUM | N/A |
| gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. | |||||
| CVE-2009-3289 | 1 Gnome | 1 Glib | 2010-05-20 | 4.4 MEDIUM | N/A |
| The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | |||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2010-04-02 | 2.6 LOW | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | |||||
| CVE-2010-0409 | 1 Gnome | 1 Gmime | 2010-03-31 | 7.5 HIGH | N/A |
| Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. | |||||
| CVE-2009-4642 | 1 Gnome | 1 Screensaver | 2010-03-22 | 7.2 HIGH | N/A |
| gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | |||||
| CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2010-02-26 | 7.2 HIGH | N/A |
| gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | |||||
| CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2009-08-11 | 2.1 LOW | N/A |
| XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
| CVE-2009-1631 | 1 Gnome | 1 Evolution | 2009-05-23 | 2.1 LOW | N/A |
| The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2009-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2009-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2009-03-19 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2009-0317 | 1 Gnome | 1 Nautilus-python | 2009-02-05 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2008-09-10 | 5.0 MEDIUM | N/A |
| libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||||
| CVE-2000-0491 | 3 Caldera, Gnome, Suse | 3 Openlinux, Gdm, Suse Linux | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | |||||
| CVE-1999-0990 | 1 Gnome | 1 Gdm | 2008-09-09 | 2.1 LOW | N/A |
| Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. | |||||
| CVE-2002-1814 | 4 Gnome, Mandrakesoft, Redhat and 1 more | 4 Bonobo, Mandrake Linux, Linux and 1 more | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | |||||