Filtered by vendor Gnome
Subscribe
Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-0668 | 2 Gnome, Redhat | 2 Gnumeric, Fedora | 2025-04-09 | 9.3 HIGH | N/A |
| The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2025-04-09 | 2.1 LOW | N/A |
| The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | |||||
| CVE-2008-1109 | 1 Gnome | 1 Evolution | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). | |||||
| CVE-2009-1631 | 1 Gnome | 1 Evolution | 2025-04-09 | 2.1 LOW | N/A |
| The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2007-5007 | 1 Gnome | 1 Balsa | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||||
| CVE-2009-3609 | 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more | 6 Xpdf, Pdftops, Xpdfreader and 3 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | |||||
| CVE-2007-1266 | 1 Gnome | 1 Evolution | 2025-04-09 | 5.0 MEDIUM | N/A |
| Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-5337 | 3 Gnome, Linux, Mozilla | 4 Gnome-vfs, Linux Kernel, Firefox and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | |||||
| CVE-2009-4145 | 1 Gnome | 1 Networkmanager | 2025-04-09 | 2.1 LOW | N/A |
| nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network. | |||||
| CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2025-04-09 | 9.3 HIGH | N/A |
| Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | |||||
| CVE-2008-5660 | 1 Gnome | 1 Vinagre | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | |||||
| CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2025-04-09 | 5.8 MEDIUM | N/A |
| The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
| CVE-2009-3604 | 5 Foolabs, Glyphandcog, Gnome and 2 more | 5 Xpdf, Xpdfreader, Gpdf and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. | |||||
| CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | |||||
| CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2025-04-09 | 2.1 LOW | N/A |
| XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
| CVE-2003-0547 | 2 Gnome, Redhat | 2 Gdm, Kdebase | 2025-04-03 | 2.1 LOW | N/A |
| GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | |||||
| CVE-2003-0407 | 1 Gnome | 1 Batalla Naval | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string. | |||||