Filtered by vendor Gnome
Subscribe
Total
307 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | |||||
CVE-2012-0039 | 1 Gnome | 1 Glib | 2024-11-21 | 5.0 MEDIUM | N/A |
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | |||||
CVE-2011-5244 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | |||||
CVE-2011-4170 | 1 Gnome | 1 Empathy | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | |||||
CVE-2011-4129 | 1 Gnome | 1 Libsocialweb | 2024-11-21 | 5.8 MEDIUM | N/A |
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
CVE-2011-3635 | 1 Gnome | 1 Empathy | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | |||||
CVE-2011-3364 | 1 Gnome | 2 Ifcfg-rh Plug-in, Networkmanager | 2024-11-21 | 6.9 MEDIUM | N/A |
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. | |||||
CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
CVE-2011-3201 | 3 Gnome, Oracle, Redhat | 5 Evolution, Solaris, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | N/A |
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. | |||||
CVE-2011-3193 | 5 Canonical, Gnome, Opensuse and 2 more | 8 Ubuntu Linux, Pango, Opensuse and 5 more | 2024-11-21 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | |||||
CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2024-11-21 | 6.8 MEDIUM | N/A |
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | |||||
CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
CVE-2011-2524 | 1 Gnome | 1 Libsoup | 2024-11-21 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | |||||
CVE-2011-2485 | 1 Gnome | 1 Gdk-pixbuf | 2024-11-21 | 4.3 MEDIUM | N/A |
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | |||||
CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2024-11-21 | 3.5 LOW | N/A |
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2024-11-21 | 2.1 LOW | N/A |
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | |||||
CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2024-11-21 | 2.1 LOW | N/A |
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2024-11-21 | 7.2 HIGH | N/A |
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
CVE-2011-0727 | 1 Gnome | 1 Gdm | 2024-11-21 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
CVE-2011-0433 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2024-11-21 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. |