Filtered by vendor Gnome
Subscribe
Total
312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4641 | 1 Gnome | 1 Screensaver | 2023-12-10 | 7.2 HIGH | N/A |
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | |||||
CVE-2011-3364 | 1 Gnome | 2 Ifcfg-rh Plug-in, Networkmanager | 2023-12-10 | 6.9 MEDIUM | N/A |
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. | |||||
CVE-2010-4005 | 1 Gnome | 1 Tomboy | 2023-12-10 | 6.9 MEDIUM | N/A |
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. | |||||
CVE-2010-0422 | 1 Gnome | 1 Screensaver | 2023-12-10 | 4.0 MEDIUM | N/A |
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | |||||
CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2023-12-10 | 7.2 HIGH | N/A |
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | |||||
CVE-2009-4144 | 1 Gnome | 1 Networkmanager | 2023-12-10 | 6.8 MEDIUM | N/A |
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. | |||||
CVE-2011-0064 | 2 Gnome, Mozilla | 2 Pango, Firefox | 2023-12-10 | 6.8 MEDIUM | N/A |
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||
CVE-2011-0727 | 1 Gnome | 1 Gdm | 2023-12-10 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
CVE-2010-2713 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2023-12-10 | 6.8 MEDIUM | N/A |
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. | |||||
CVE-2009-3609 | 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more | 6 Xpdf, Pdftops, Xpdfreader and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | |||||
CVE-2008-5660 | 1 Gnome | 1 Vinagre | 2023-12-10 | 6.8 MEDIUM | N/A |
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | |||||
CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2023-12-10 | 2.1 LOW | N/A |
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2023-12-10 | 4.3 MEDIUM | N/A |
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
CVE-2009-0317 | 1 Gnome | 1 Nautilus-python | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2023-12-10 | 5.8 MEDIUM | N/A |
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
CVE-2008-4316 | 1 Gnome | 1 Glib | 2023-12-10 | 4.6 MEDIUM | N/A |
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. | |||||
CVE-2008-3533 | 1 Gnome | 2 Gnome, Yelp | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | |||||
CVE-2008-5987 | 1 Gnome | 1 Eog | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). |