Filtered by vendor Gnome
Subscribe
Total
312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2025-04-03 | 5.0 MEDIUM | N/A |
| libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||||
| CVE-2006-0820 | 1 Gnome | 1 Dwarf Http Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | |||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | |||||
| CVE-2004-0753 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2025-04-03 | 5.0 MEDIUM | N/A |
| The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. | |||||
| CVE-2005-0102 | 2 Debian, Gnome | 2 Debian Linux, Evolution | 2025-04-03 | 7.2 HIGH | 9.8 CRITICAL |
| Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. | |||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2025-04-03 | 2.6 LOW | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | |||||
| CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2025-04-03 | 3.7 LOW | N/A |
| gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. | |||||
| CVE-2005-3186 | 2 Gnome, Gtk | 2 Gdkpixbuf, Gtk\+ | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | |||||
| CVE-2006-0528 | 1 Gnome | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
| The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | |||||
| CVE-2003-0165 | 1 Gnome | 1 Eog | 2025-04-03 | 4.6 MEDIUM | N/A |
| Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | |||||
| CVE-2004-0788 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. | |||||
| CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | |||||
| CVE-2005-2975 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2025-04-03 | 7.8 HIGH | N/A |
| io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2021-20240 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2025-02-12 | 8.3 HIGH | 8.8 HIGH |
| A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2024-42415 | 1 Gnome | 1 Libgsf | 2024-11-21 | N/A | 8.4 HIGH |
| An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-36474 | 1 Gnome | 1 Libgsf | 2024-11-21 | N/A | 8.4 HIGH |
| An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-5557 | 2 Gnome, Redhat | 2 Tracker Miners, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | |||||
| CVE-2023-43090 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-shell | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | |||||
| CVE-2023-38633 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Librsvg | 2024-11-21 | N/A | 5.5 MEDIUM |
| A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | |||||