Filtered by vendor Gnome
Subscriptions
Total
322 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2003-0794 | 1 Gnome | 1 Gdm | 2025-04-03 | N/A |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. | ||||
CVE-2003-0548 | 2 Gnome, Redhat | 5 Gdm, Enterprise Linux, Kdebase and 2 more | 2025-04-03 | N/A |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | ||||
CVE-2003-0407 | 1 Gnome | 1 Batalla Naval | 2025-04-03 | N/A |
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string. | ||||
CVE-2003-0165 | 2 Gnome, Redhat | 2 Eog, Linux | 2025-04-03 | N/A |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | ||||
CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2025-04-03 | N/A |
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | ||||
CVE-2005-2958 | 1 Gnome | 1 Libgda2 | 2025-04-03 | N/A |
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | ||||
CVE-2005-2550 | 2 Gnome, Redhat | 2 Evolution, Enterprise Linux | 2025-04-03 | N/A |
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. | ||||
CVE-2005-1686 | 2 Gnome, Redhat | 2 Gedit, Enterprise Linux | 2025-04-03 | N/A |
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. | ||||
CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | N/A |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||||
CVE-2004-0782 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2025-04-03 | N/A |
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). | ||||
CVE-2006-2789 | 1 Gnome | 1 Evolution | 2025-04-03 | N/A |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | ||||
CVE-2004-0753 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2025-04-03 | N/A |
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. | ||||
CVE-2003-0549 | 2 Gnome, Redhat | 5 Gdm, Enterprise Linux, Kdebase and 2 more | 2025-04-03 | N/A |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | ||||
CVE-2006-2452 | 1 Gnome | 1 Gdm | 2025-04-03 | N/A |
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | ||||
CVE-2003-0080 | 2 Gnome, Redhat | 2 Gnome-lokkit, Linux | 2025-04-03 | N/A |
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. | ||||
CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2025-04-03 | N/A |
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | ||||
CVE-2001-0084 | 1 Gnome | 1 Gtk | 2025-04-03 | N/A |
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | ||||
CVE-2004-0111 | 3 Gnome, Redhat, Sgi | 6 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 3 more | 2025-04-03 | N/A |
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | ||||
CVE-2003-0547 | 2 Gnome, Redhat | 3 Gdm, Kdebase, Linux | 2025-04-03 | N/A |
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | ||||
CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | 7.5 High |
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |