Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 307 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1978 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
CVE-2013-1913 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2024-11-21 6.8 MEDIUM N/A
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2013-1881 1 Gnome 1 Librsvg 2024-11-21 4.3 MEDIUM N/A
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-1799 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2024-11-21 4.3 MEDIUM N/A
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
CVE-2013-1050 1 Gnome 1 Gnome Screensaver 2024-11-21 7.2 HIGH N/A
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2013-0240 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2024-11-21 4.3 MEDIUM N/A
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
CVE-2012-6111 2 Debian, Gnome 2 Debian Linux, Gnome Keyring 2024-11-21 5.0 MEDIUM 7.5 HIGH
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVE-2012-5535 2 Fedoraproject, Gnome 2 Fedora, Gnome-system-log 2024-11-21 5.0 MEDIUM 7.5 HIGH
gnome-system-log polkit policy allows arbitrary files on the system to be read
CVE-2012-4511 1 Gnome 1 Libsocialweb 2024-11-21 5.8 MEDIUM N/A
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVE-2012-4427 1 Gnome 1 Gnome-shell 2024-11-21 6.8 MEDIUM N/A
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
CVE-2012-3466 1 Gnome 1 Gnome-keyring 2024-11-21 4.4 MEDIUM N/A
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
CVE-2012-3452 1 Gnome 1 Screensaver 2024-11-21 3.3 LOW N/A
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2012-3378 1 Gnome 1 At-spi2-atk 2024-11-21 3.3 LOW N/A
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
CVE-2012-3355 1 Gnome 1 Rhythmbox 2024-11-21 3.6 LOW N/A
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVE-2012-2736 4 Canonical, Debian, Gnome and 1 more 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more 2024-11-21 3.3 LOW 4.4 MEDIUM
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
CVE-2012-2370 1 Gnome 1 Gdk-pixbuf 2024-11-21 5.0 MEDIUM N/A
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
CVE-2012-2132 1 Gnome 1 Libsoup 2024-11-21 5.0 MEDIUM N/A
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
CVE-2012-1177 1 Gnome 1 Libgdata 2024-11-21 5.1 MEDIUM N/A
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
CVE-2012-1096 2 Debian, Gnome 2 Debian Linux, Networkmanager 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
CVE-2012-0948 2 Canonical, Gnome 2 Ubuntu Linux, Update-manager-core 2024-11-21 2.1 LOW N/A
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.