Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 312 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1881 1 Gnome 1 Librsvg 2025-04-11 4.3 MEDIUM N/A
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2011-2176 1 Gnome 1 Networkmanager 2025-04-11 2.1 LOW N/A
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
CVE-2011-0020 2 Gnome, Pango 2 Pango, Pango 2025-04-11 7.6 HIGH N/A
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVE-2011-3364 1 Gnome 2 Ifcfg-rh Plug-in, Networkmanager 2025-04-11 6.9 MEDIUM N/A
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
CVE-2011-0727 1 Gnome 1 Gdm 2025-04-11 6.9 MEDIUM N/A
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
CVE-2012-0948 2 Canonical, Gnome 2 Ubuntu Linux, Update-manager-core 2025-04-11 2.1 LOW N/A
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
CVE-2009-3609 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more 6 Xpdf, Pdftops, Xpdfreader and 3 more 2025-04-09 4.3 MEDIUM N/A
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2008-5985 1 Gnome 1 Epiphany 2025-04-09 6.9 MEDIUM N/A
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2008-4316 1 Gnome 1 Glib 2025-04-09 4.6 MEDIUM N/A
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
CVE-2007-3920 3 Compiz, Gnome, Ubuntu 3 Compiz, Screensaver, Ubuntu Linux 2025-04-09 6.2 MEDIUM N/A
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
CVE-2008-3533 1 Gnome 2 Gnome, Yelp 2025-04-09 10.0 HIGH N/A
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
CVE-2009-0317 1 Gnome 1 Nautilus-python 2025-04-09 6.9 MEDIUM N/A
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2007-6389 1 Gnome 1 Screensaver 2025-04-09 2.1 LOW N/A
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
CVE-2007-0999 1 Gnome 1 Ekiga 2025-04-09 9.3 HIGH N/A
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
CVE-2008-1109 1 Gnome 1 Evolution 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
CVE-2006-6105 1 Gnome 1 Gdm 2025-04-09 4.3 MEDIUM N/A
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
CVE-2009-0582 1 Gnome 1 Evolution-data-server 2025-04-09 5.8 MEDIUM N/A
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
CVE-2009-3289 3 Gnome, Opensuse, Suse 3 Glib, Opensuse, Suse Linux Enterprise Server 2025-04-09 4.4 MEDIUM 7.8 HIGH
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
CVE-2008-1108 1 Gnome 1 Evolution 2025-04-09 7.6 HIGH N/A
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
CVE-2007-1266 1 Gnome 1 Evolution 2025-04-09 5.0 MEDIUM N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.