Filtered by vendor Gnome
Total: 312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0819 | 1 Gnome | 1 Dwarf Http Server | 2023-12-10 | 7.8 HIGH | N/A |
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | |||||
CVE-2006-2452 | 1 Gnome | 1 Gdm | 2023-12-10 | 3.7 LOW | N/A |
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | |||||
CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2023-12-10 | 3.7 LOW | N/A |
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. | |||||
CVE-2005-1686 | 1 Gnome | 1 Gedit | 2023-12-10 | 2.6 LOW | N/A |
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. | |||||
CVE-2006-0040 | 1 Gnome | 1 Evolution | 2023-12-10 | 5.0 MEDIUM | N/A |
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | |||||
CVE-2005-2550 | 1 Gnome | 1 Evolution | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. | |||||
CVE-2000-0491 | 3 Caldera, Gnome, Suse | 3 Openlinux, Gdm, Suse Linux | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | |||||
CVE-2003-0548 | 2 Gnome, Redhat | 4 Gdm, Enterprise Linux, Kdebase and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | |||||
CVE-2003-0165 | 1 Gnome | 1 Eog | 2023-12-10 | 4.6 MEDIUM | N/A |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | |||||
CVE-2001-0084 | 1 Gnome | 1 Gtk | 2023-12-10 | 7.2 HIGH | N/A |
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
CVE-2003-0541 | 1 Gnome | 1 Gtkhtml | 2023-12-10 | 5.0 MEDIUM | N/A |
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. | |||||
CVE-2003-0794 | 1 Gnome | 1 Gdm | 2023-12-10 | 2.1 LOW | N/A |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. | |||||
CVE-2003-0070 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2023-12-10 | 6.8 MEDIUM | N/A |
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2023-12-10 | 7.2 HIGH | N/A |
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | |||||
CVE-2001-0928 | 1 Gnome | 1 Libgtop Daemon | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. | |||||
CVE-2003-0793 | 1 Gnome | 1 Gdm | 2023-12-10 | 2.1 LOW | N/A |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | |||||
CVE-2004-0782 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). | |||||
CVE-2003-0547 | 2 Gnome, Redhat | 2 Gdm, Kdebase | 2023-12-10 | 2.1 LOW | N/A |
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | |||||
CVE-2004-0783 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). | |||||
CVE-2003-0549 | 2 Gnome, Redhat | 4 Gdm, Enterprise Linux, Kdebase and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. |