Filtered by vendor Gnome
Subscriptions
Total
323 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-0887 | 2 Gnome, Redhat | 2 Screensaver, Enterprise Linux | 2025-04-09 | N/A |
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | ||||
CVE-2009-1631 | 1 Gnome | 1 Evolution | 2025-04-09 | N/A |
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | ||||
CVE-2009-3608 | 8 Foolabs, Glyph And Cog, Glyphandcog and 5 more | 8 Xpdf, Pdftops, Xpdfreader and 5 more | 2025-04-09 | N/A |
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||||
CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2025-04-09 | N/A |
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | ||||
CVE-2009-0582 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2025-04-09 | N/A |
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | ||||
CVE-2009-3289 | 3 Gnome, Opensuse, Suse | 3 Glib, Opensuse, Suse Linux Enterprise Server | 2025-04-09 | 7.8 High |
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | ||||
CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2025-04-09 | N/A |
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | ||||
CVE-2007-3381 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-09 | N/A |
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | ||||
CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2025-04-03 | N/A |
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | ||||
CVE-2006-2452 | 1 Gnome | 1 Gdm | 2025-04-03 | N/A |
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | ||||
CVE-2003-0133 | 2 Gnome, Redhat | 2 Gtkhtml, Linux | 2025-04-03 | N/A |
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. | ||||
CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | N/A |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||||
CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2025-04-03 | N/A |
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | ||||
CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2025-04-03 | N/A |
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. | ||||
CVE-2000-0864 | 1 Gnome | 1 Esound | 2025-04-03 | N/A |
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | ||||
CVE-2000-0491 | 3 Caldera, Gnome, Suse | 3 Openlinux, Gdm, Suse Linux | 2025-04-03 | N/A |
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | ||||
CVE-2006-0820 | 1 Gnome | 1 Dwarf Http Server | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | ||||
CVE-2006-0819 | 1 Gnome | 1 Dwarf Http Server | 2025-04-03 | N/A |
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | ||||
CVE-2005-1686 | 2 Gnome, Redhat | 2 Gedit, Enterprise Linux | 2025-04-03 | N/A |
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. | ||||
CVE-2005-2976 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2025-04-03 | N/A |
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. |