Filtered by vendor Gnome
Subscribe
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7240 | 1 Gnome | 1 Power Manager | 2025-04-11 | 7.2 HIGH | N/A |
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | |||||
CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2025-04-11 | 4.4 MEDIUM | N/A |
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | |||||
CVE-2011-0727 | 1 Gnome | 1 Gdm | 2025-04-11 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
CVE-2011-0064 | 2 Gnome, Mozilla | 2 Pango, Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||
CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | 5.8 MEDIUM | N/A |
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
CVE-2012-2132 | 1 Gnome | 1 Libsoup | 2025-04-11 | 5.0 MEDIUM | N/A |
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | |||||
CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | 6.8 MEDIUM | N/A |
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | |||||
CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | 4.3 MEDIUM | N/A |
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | |||||
CVE-2011-5244 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | |||||
CVE-2013-1881 | 1 Gnome | 1 Librsvg | 2025-04-11 | 4.3 MEDIUM | N/A |
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2025-04-11 | 7.2 HIGH | N/A |
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | |||||
CVE-2012-0039 | 1 Gnome | 1 Glib | 2025-04-11 | 5.0 MEDIUM | 7.5 HIGH |
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | |||||
CVE-2012-0948 | 2 Canonical, Gnome | 2 Ubuntu Linux, Update-manager-core | 2025-04-11 | 2.1 LOW | N/A |
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | |||||
CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2025-04-11 | 7.2 HIGH | N/A |
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
CVE-2011-3635 | 1 Gnome | 1 Empathy | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | |||||
CVE-2012-3355 | 1 Gnome | 1 Rhythmbox | 2025-04-11 | 3.6 LOW | N/A |
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | |||||
CVE-2010-0409 | 1 Gnome | 1 Gmime | 2025-04-11 | 7.5 HIGH | N/A |
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. | |||||
CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2025-04-11 | 6.8 MEDIUM | N/A |
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | |||||
CVE-2009-4641 | 1 Gnome | 1 Screensaver | 2025-04-11 | 7.2 HIGH | N/A |
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | |||||
CVE-2010-4005 | 1 Gnome | 1 Tomboy | 2025-04-11 | 6.9 MEDIUM | N/A |
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. |