Filtered by vendor Gnome
Subscriptions
Total
331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | N/A |
| services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2025-04-11 | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
| CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | N/A |
| The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | ||||
| CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | ||||
| CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | ||||
| CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | N/A |
| Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | ||||
| CVE-2012-2132 | 1 Gnome | 1 Libsoup | 2025-04-11 | N/A |
| libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | ||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | ||||
| CVE-2012-2370 | 2 Gnome, Redhat | 2 Gdk-pixbuf, Enterprise Linux | 2025-04-11 | N/A |
| Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. | ||||
| CVE-2012-0039 | 1 Gnome | 1 Glib | 2025-04-11 | 7.5 High |
| GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | ||||
| CVE-2010-0409 | 1 Gnome | 1 Gmime | 2025-04-11 | N/A |
| Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. | ||||
| CVE-2012-0948 | 2 Canonical, Gnome | 2 Ubuntu Linux, Update-manager-core | 2025-04-11 | N/A |
| DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | ||||
| CVE-2011-3146 | 2 Gnome, Redhat | 2 Librsvg, Enterprise Linux | 2025-04-11 | N/A |
| librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | ||||
| CVE-2011-2524 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2025-04-11 | N/A |
| Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | ||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2025-04-11 | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2011-0727 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-11 | N/A |
| GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | ||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2025-04-11 | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | ||||
| CVE-2010-2713 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2025-04-11 | N/A |
| The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. | ||||
| CVE-2011-3635 | 1 Gnome | 1 Empathy | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | ||||