Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 307 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1108 1 Gnome 1 Evolution 2024-11-21 7.6 HIGH N/A
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
CVE-2008-0887 1 Gnome 1 Screensaver 2024-11-21 4.7 MEDIUM N/A
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
CVE-2008-0668 2 Gnome, Redhat 2 Gnumeric, Fedora 2024-11-21 9.3 HIGH N/A
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
CVE-2008-0072 2 Gnome, Linux 2 Evolution, Linux Kernel 2024-11-21 6.8 MEDIUM N/A
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
CVE-2007-6389 1 Gnome 1 Screensaver 2024-11-21 2.1 LOW N/A
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
CVE-2007-5337 3 Gnome, Linux, Mozilla 4 Gnome-vfs, Linux Kernel, Firefox and 1 more 2024-11-21 4.3 MEDIUM N/A
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
CVE-2007-5007 1 Gnome 1 Balsa 2024-11-21 6.8 MEDIUM N/A
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
CVE-2007-3920 3 Compiz, Gnome, Ubuntu 3 Compiz, Screensaver, Ubuntu Linux 2024-11-21 6.2 MEDIUM N/A
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
CVE-2007-3381 1 Gnome 1 Gdm 2024-11-21 1.5 LOW N/A
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
CVE-2007-3257 1 Gnome 1 Evolution 2024-11-21 6.8 MEDIUM N/A
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
CVE-2007-1266 1 Gnome 1 Evolution 2024-11-21 5.0 MEDIUM N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-0999 1 Gnome 1 Ekiga 2024-11-21 9.3 HIGH N/A
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
CVE-2007-0010 1 Gnome 1 Gtk 2024-11-21 2.1 LOW N/A
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
CVE-2006-7246 3 Gnome, Opensuse, Suse 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more 2024-11-21 3.2 LOW 6.8 MEDIUM
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CVE-2006-7240 1 Gnome 1 Power Manager 2024-11-21 7.2 HIGH N/A
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.
CVE-2006-6698 1 Gnome 1 Gconf 2024-11-21 1.9 LOW N/A
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.
CVE-2006-6105 1 Gnome 1 Gdm 2024-11-21 4.3 MEDIUM N/A
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
CVE-2006-3057 1 Gnome 1 Dhcdbd 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
CVE-2006-2789 1 Gnome 1 Evolution 2024-11-21 2.6 LOW N/A
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
CVE-2006-2452 1 Gnome 1 Gdm 2024-11-21 3.7 LOW N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.