Filtered by vendor Gnome
Subscriptions
Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2025-04-11 | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2010-4831 | 1 Gnome | 1 Gtk | 2025-04-11 | N/A |
| Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. | ||||
| CVE-2006-7240 | 1 Gnome | 1 Power Manager | 2025-04-11 | N/A |
| gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | ||||
| CVE-2013-6836 | 1 Gnome | 1 Gnumeric | 2025-04-11 | N/A |
| Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. | ||||
| CVE-2011-0433 | 4 Gnome, Redhat, T1lib and 1 more | 4 Evince, Enterprise Linux, T1lib and 1 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. | ||||
| CVE-2012-3355 | 1 Gnome | 1 Rhythmbox | 2025-04-11 | N/A |
| (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | ||||
| CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 9 Ubuntu Linux, Pango, Opensuse and 6 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | ||||
| CVE-2010-0285 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | ||||
| CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2025-04-11 | N/A |
| GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | ||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2025-04-11 | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | ||||
| CVE-2011-0020 | 3 Gnome, Pango, Redhat | 3 Pango, Pango, Enterprise Linux | 2025-04-11 | N/A |
| Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | ||||
| CVE-2010-4833 | 1 Gnome | 1 Gtk | 2025-04-11 | N/A |
| Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. | ||||
| CVE-2013-0240 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | N/A |
| Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. | ||||
| CVE-2010-2713 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2025-04-11 | N/A |
| The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. | ||||
| CVE-2012-0039 | 1 Gnome | 1 Glib | 2025-04-11 | 7.5 High |
| GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | ||||
| CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | ||||
| CVE-2011-2524 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2025-04-11 | N/A |
| Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | ||||
| CVE-2010-0421 | 2 Gnome, Redhat | 2 Pango, Enterprise Linux | 2025-04-11 | N/A |
| Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | ||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2025-04-11 | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | 7.5 High |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | ||||