Filtered by vendor Gnome
Subscribe
Total
307 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1108 | 1 Gnome | 1 Evolution | 2024-11-21 | 7.6 HIGH | N/A |
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | |||||
CVE-2008-0887 | 1 Gnome | 1 Screensaver | 2024-11-21 | 4.7 MEDIUM | N/A |
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | |||||
CVE-2008-0668 | 2 Gnome, Redhat | 2 Gnumeric, Fedora | 2024-11-21 | 9.3 HIGH | N/A |
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0072 | 2 Gnome, Linux | 2 Evolution, Linux Kernel | 2024-11-21 | 6.8 MEDIUM | N/A |
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | |||||
CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2024-11-21 | 2.1 LOW | N/A |
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | |||||
CVE-2007-5337 | 3 Gnome, Linux, Mozilla | 4 Gnome-vfs, Linux Kernel, Firefox and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | |||||
CVE-2007-5007 | 1 Gnome | 1 Balsa | 2024-11-21 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||||
CVE-2007-3920 | 3 Compiz, Gnome, Ubuntu | 3 Compiz, Screensaver, Ubuntu Linux | 2024-11-21 | 6.2 MEDIUM | N/A |
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | |||||
CVE-2007-3381 | 1 Gnome | 1 Gdm | 2024-11-21 | 1.5 LOW | N/A |
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | |||||
CVE-2007-3257 | 1 Gnome | 1 Evolution | 2024-11-21 | 6.8 MEDIUM | N/A |
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | |||||
CVE-2007-1266 | 1 Gnome | 1 Evolution | 2024-11-21 | 5.0 MEDIUM | N/A |
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2024-11-21 | 9.3 HIGH | N/A |
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | |||||
CVE-2007-0010 | 1 Gnome | 1 Gtk | 2024-11-21 | 2.1 LOW | N/A |
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | |||||
CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-11-21 | 3.2 LOW | 6.8 MEDIUM |
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||||
CVE-2006-7240 | 1 Gnome | 1 Power Manager | 2024-11-21 | 7.2 HIGH | N/A |
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | |||||
CVE-2006-6698 | 1 Gnome | 1 Gconf | 2024-11-21 | 1.9 LOW | N/A |
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
CVE-2006-6105 | 1 Gnome | 1 Gdm | 2024-11-21 | 4.3 MEDIUM | N/A |
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | |||||
CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | |||||
CVE-2006-2789 | 1 Gnome | 1 Evolution | 2024-11-21 | 2.6 LOW | N/A |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | |||||
CVE-2006-2452 | 1 Gnome | 1 Gdm | 2024-11-21 | 3.7 LOW | N/A |
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. |