Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 307 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7558 2 Debian, Gnome 2 Debian Linux, Librsvg 2024-11-21 5.0 MEDIUM 7.5 HIGH
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
CVE-2015-7557 1 Gnome 1 Librsvg 2024-11-21 5.0 MEDIUM 7.5 HIGH
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
CVE-2015-7496 2 Fedoraproject, Gnome 2 Fedora, Gnome Display Manager 2024-11-21 7.2 HIGH N/A
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
CVE-2015-7217 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2024-11-21 4.3 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.
CVE-2015-7216 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2024-11-21 6.8 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.
CVE-2015-4491 8 Canonical, Fedoraproject, Gnome and 5 more 8 Ubuntu Linux, Fedora, Gdk-pixbuf and 5 more 2024-11-21 6.8 MEDIUM N/A
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
CVE-2015-2785 1 Gnome 1 Byzanz 2024-11-21 7.5 HIGH N/A
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
CVE-2015-2675 1 Gnome 1 Librest 2024-11-21 5.0 MEDIUM 7.5 HIGH
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVE-2015-0552 2 Gnome, Opensuse 2 Gcab, Opensuse 2024-11-21 6.4 MEDIUM N/A
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
CVE-2015-0272 4 Canonical, Gnome, Oracle and 1 more 9 Ubuntu Linux, Networkmanager, Linux and 6 more 2024-11-21 5.0 MEDIUM N/A
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2014-8154 2 Gnome, Opensuse 2 Vala, Opensuse 2024-11-21 7.5 HIGH N/A
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVE-2014-7300 2 Gnome, Redhat 5 Gnome-shell, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more 2024-11-21 7.2 HIGH N/A
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
CVE-2013-7273 1 Gnome 1 Gnome Display Manager 2024-11-21 2.1 LOW N/A
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
CVE-2013-7221 1 Gnome 1 Gnome-shell 2024-11-21 4.6 MEDIUM N/A
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
CVE-2013-7220 1 Gnome 1 Gnome-shell 2024-11-21 4.6 MEDIUM N/A
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
CVE-2013-6836 1 Gnome 1 Gnumeric 2024-11-21 4.3 MEDIUM N/A
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
CVE-2013-4245 2 Debian, Gnome 2 Debian Linux, Orca 2024-11-21 4.4 MEDIUM 7.3 HIGH
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4169 1 Gnome 1 Gnome Display Manager 2024-11-21 6.9 MEDIUM N/A
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVE-2013-4166 2 Gnome, Redhat 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVE-2013-3718 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Evince, Opensuse and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
evince is missing a check on number of pages which can lead to a segmentation fault