Filtered by vendor Gnome Subscriptions
Total 323 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-0887 2 Gnome, Redhat 2 Screensaver, Enterprise Linux 2025-04-09 N/A
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
CVE-2009-1631 1 Gnome 1 Evolution 2025-04-09 N/A
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
CVE-2009-3608 8 Foolabs, Glyph And Cog, Glyphandcog and 5 more 8 Xpdf, Pdftops, Xpdfreader and 5 more 2025-04-09 N/A
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-1276 2 Gnome, Sun 3 Gnome, Opensolaris, Solaris 2025-04-09 N/A
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
CVE-2009-0582 2 Gnome, Redhat 2 Evolution-data-server, Enterprise Linux 2025-04-09 N/A
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
CVE-2009-3289 3 Gnome, Opensuse, Suse 3 Glib, Opensuse, Suse Linux Enterprise Server 2025-04-09 7.8 High
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
CVE-2008-7185 1 Gnome 1 Rhythmbox 2025-04-09 N/A
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
CVE-2007-3381 2 Gnome, Redhat 2 Gdm, Enterprise Linux 2025-04-09 N/A
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
CVE-2000-0504 3 Gnome, Open Group, Xfree86 Project 3 Gdm, X, X11r6 2025-04-03 N/A
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVE-2006-2452 1 Gnome 1 Gdm 2025-04-03 N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2003-0133 2 Gnome, Redhat 2 Gtkhtml, Linux 2025-04-03 N/A
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
CVE-2004-0888 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2025-04-03 N/A
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVE-2000-0948 1 Gnome 1 Gnorpm 2025-04-03 N/A
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
CVE-2006-1335 1 Gnome 1 Screensaver 2025-04-03 N/A
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
CVE-2000-0864 1 Gnome 1 Esound 2025-04-03 N/A
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
CVE-2000-0491 3 Caldera, Gnome, Suse 3 Openlinux, Gdm, Suse Linux 2025-04-03 N/A
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVE-2006-0820 1 Gnome 1 Dwarf Http Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
CVE-2006-0819 1 Gnome 1 Dwarf Http Server 2025-04-03 N/A
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVE-2005-1686 2 Gnome, Redhat 2 Gedit, Enterprise Linux 2025-04-03 N/A
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2005-2976 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.