Filtered by vendor Gnome
Subscribe
Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8154 | 2 Gnome, Opensuse | 2 Vala, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2025-04-12 | 2.1 LOW | N/A |
| GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | |||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | |||||
| CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | |||||
| CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | |||||
| CVE-2015-0552 | 2 Gnome, Opensuse | 2 Gcab, Opensuse | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo." | |||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | 4.6 MEDIUM | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | |||||
| CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2025-04-12 | 3.5 LOW | N/A |
| The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | 4.6 MEDIUM | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | |||||
| CVE-2015-4491 | 8 Canonical, Fedoraproject, Gnome and 5 more | 8 Ubuntu Linux, Fedora, Gdk-pixbuf and 5 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. | |||||
| CVE-2015-2785 | 1 Gnome | 1 Byzanz | 2025-04-12 | 7.5 HIGH | N/A |
| The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | |||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2025-04-11 | 2.1 LOW | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 8 Ubuntu Linux, Pango, Opensuse and 5 more | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2011-0020 | 2 Gnome, Pango | 2 Pango, Pango | 2025-04-11 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | |||||
| CVE-2011-2485 | 1 Gnome | 1 Gdk-pixbuf | 2025-04-11 | 4.3 MEDIUM | N/A |
| The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | |||||
| CVE-2006-7240 | 1 Gnome | 1 Power Manager | 2025-04-11 | 7.2 HIGH | N/A |
| gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | |||||
| CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2025-04-11 | 4.4 MEDIUM | N/A |
| GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | |||||
| CVE-2011-0727 | 1 Gnome | 1 Gdm | 2025-04-11 | 6.9 MEDIUM | N/A |
| GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
| CVE-2011-0064 | 2 Gnome, Mozilla | 2 Pango, Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
| The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||