Filtered by vendor Gnome
Subscribe
Total
295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2016-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | |||||
| CVE-2013-1881 | 1 Gnome | 1 Librsvg | 2016-12-07 | 4.3 MEDIUM | N/A |
| GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2003-0407 | 1 Gnome | 1 Batalla Naval | 2016-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string. | |||||
| CVE-2003-0070 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2016-10-17 | 6.8 MEDIUM | N/A |
| VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2001-0928 | 1 Gnome | 1 Libgtop Daemon | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. | |||||
| CVE-2001-0927 | 1 Gnome | 1 Libgtop Daemon | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. | |||||
| CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2016-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-7300 | 2 Gnome, Redhat | 5 Gnome-shell, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-08-31 | 7.2 HIGH | N/A |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | |||||
| CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2016-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | |||||
| CVE-2015-7557 | 1 Gnome | 1 Librsvg | 2016-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | |||||
| CVE-2015-2785 | 1 Gnome | 1 Byzanz | 2015-03-30 | 7.5 HIGH | N/A |
| The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | |||||
| CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2014-04-30 | 2.1 LOW | N/A |
| GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | |||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | |||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | |||||
| CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2013-12-04 | 4.4 MEDIUM | N/A |
| GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | |||||
| CVE-2013-4169 | 1 Gnome | 1 Gnome Display Manager | 2013-09-11 | 6.9 MEDIUM | N/A |
| GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | |||||
| CVE-2012-1177 | 1 Gnome | 1 Libgdata | 2013-04-04 | 5.1 MEDIUM | N/A |
| libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | |||||
| CVE-2013-0240 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2013-04-01 | 4.3 MEDIUM | N/A |
| Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. | |||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2013-03-17 | 7.2 HIGH | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
| CVE-2011-3635 | 1 Gnome | 1 Empathy | 2012-11-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | |||||