Filtered by vendor Gnome
Total: 312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4169 | 1 Gnome | 1 Gnome Display Manager | 2023-12-10 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | |||||
CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2023-12-10 | 6.8 MEDIUM | N/A |
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file with a node whose element name starts with "fe", which is misidentified as a RsvgFilterPrimitive. | |||||
CVE-2012-2370 | 1 Gnome | 1 Gdk-pixbuf | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. | |||||
CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2023-12-10 | 7.2 HIGH | N/A |
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
CVE-2011-5244 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | |||||
CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2023-12-10 | 6.8 MEDIUM | N/A |
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | |||||
CVE-2011-2485 | 1 Gnome | 1 Gdk-pixbuf | 2023-12-10 | 4.3 MEDIUM | N/A |
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | |||||
CVE-2013-1978 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. | |||||
CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2023-12-10 | 3.3 LOW | N/A |
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 8 Ubuntu Linux, Pango, Opensuse and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | |||||
CVE-2013-1881 | 1 Gnome | 1 Librsvg | 2023-12-10 | 4.3 MEDIUM | N/A |
GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-3355 | 1 Gnome | 1 Rhythmbox | 2023-12-10 | 3.6 LOW | N/A |
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allow local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | |||||
CVE-2011-4129 | 1 Gnome | 1 Libsocialweb | 2023-12-10 | 5.8 MEDIUM | N/A |
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
CVE-2013-0240 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2023-12-10 | 4.3 MEDIUM | N/A |
GNOME Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5 does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. | |||||
CVE-2013-1913 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. | |||||
CVE-2011-3201 | 3 Gnome, Oracle, Redhat | 5 Evolution, Solaris, Enterprise Linux Desktop and 2 more | 2023-12-10 | 4.3 MEDIUM | N/A |
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. | |||||
CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2023-12-10 | 3.3 LOW | N/A |
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | |||||
CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2023-12-10 | 5.8 MEDIUM | N/A |
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2023-12-10 | 4.3 MEDIUM | N/A |
GNOME Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | |||||
CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2023-12-10 | 1.9 LOW | N/A |
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF-8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. |