Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnome Subscribe
Total 295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4348 3 Debian, Gnome, Opensuse 4 Debian Linux, Librsvg, Leap and 1 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
CVE-2016-6855 4 Canonical, Fedoraproject, Gnome and 1 more 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
CVE-2006-0040 1 Gnome 1 Evolution 2018-10-19 5.0 MEDIUM N/A
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
CVE-2005-2975 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.8 HIGH N/A
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVE-2005-3186 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-2005-2976 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
CVE-2004-0782 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVE-2004-0753 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 5.0 MEDIUM N/A
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
CVE-2004-0783 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVE-2004-0788 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 5.0 MEDIUM N/A
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
CVE-2018-14424 1 Gnome 1 Gnome Display Manager 2018-10-18 4.6 MEDIUM 7.8 HIGH
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
CVE-2006-0820 1 Gnome 1 Dwarf Http Server 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
CVE-2006-0819 1 Gnome 1 Dwarf Http Server 2018-10-18 7.8 HIGH N/A
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVE-2007-3381 1 Gnome 1 Gdm 2018-10-16 1.5 LOW N/A
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
CVE-2007-3257 1 Gnome 1 Evolution 2018-10-16 6.8 MEDIUM N/A
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
CVE-2007-1266 1 Gnome 1 Evolution 2018-10-16 5.0 MEDIUM N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2008-0072 2 Gnome, Linux 2 Evolution, Linux Kernel 2018-10-15 6.8 MEDIUM N/A
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
CVE-2007-5337 3 Gnome, Linux, Mozilla 4 Gnome-vfs, Linux Kernel, Firefox and 1 more 2018-10-15 4.3 MEDIUM N/A
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
CVE-2008-7185 1 Gnome 1 Rhythmbox 2018-10-11 4.3 MEDIUM N/A
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
CVE-2008-5660 1 Gnome 1 Vinagre 2018-10-11 6.8 MEDIUM N/A
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.