Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 322 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0272 4 Canonical, Gnome, Oracle and 1 more 9 Ubuntu Linux, Networkmanager, Linux and 6 more 2025-04-12 5.0 MEDIUM N/A
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2013-7221 1 Gnome 1 Gnome-shell 2025-04-12 4.6 MEDIUM N/A
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
CVE-2013-7220 1 Gnome 1 Gnome-shell 2025-04-12 4.6 MEDIUM N/A
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2025-04-12 3.5 LOW N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2016-6352 3 Canonical, Gnome, Opensuse 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2009-4642 1 Gnome 1 Screensaver 2025-04-11 7.2 HIGH N/A
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
CVE-2013-4169 1 Gnome 1 Gnome Display Manager 2025-04-11 6.9 MEDIUM N/A
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVE-2013-1050 1 Gnome 1 Gnome Screensaver 2025-04-11 7.2 HIGH N/A
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2011-4170 1 Gnome 1 Empathy 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
CVE-2011-5244 3 Gnome, T1lib, Tetex 3 Evince, T1lib, Tetex 2025-04-11 6.8 MEDIUM N/A
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
CVE-2012-1177 1 Gnome 1 Libgdata 2025-04-11 5.1 MEDIUM N/A
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
CVE-2011-3635 1 Gnome 1 Empathy 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
CVE-2013-1913 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2025-04-11 6.8 MEDIUM N/A
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2012-2370 1 Gnome 1 Gdk-pixbuf 2025-04-11 5.0 MEDIUM N/A
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
CVE-2010-4000 1 Gnome 1 Gnome-shell 2025-04-11 6.9 MEDIUM N/A
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2011-2524 1 Gnome 1 Libsoup 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
CVE-2010-2713 2 Gnome, Nalin Dahyabhai 2 Gnome-terminal, Vte 2025-04-11 6.8 MEDIUM N/A
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
CVE-2011-4129 1 Gnome 1 Libsocialweb 2025-04-11 5.8 MEDIUM N/A
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVE-2011-1709 1 Gnome 2 Gdm, Glib 2025-04-11 7.2 HIGH N/A
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
CVE-2006-7240 1 Gnome 1 Power Manager 2025-04-11 7.2 HIGH N/A
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.