Filtered by vendor Gnome
Subscribe
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | |||||
| CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||||
| CVE-2014-1949 | 3 Canonical, Gnome, Linuxmint | 3 Ubuntu, Gtk, Linux Mint | 2025-04-12 | 7.2 HIGH | N/A |
| GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | |||||
| CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2025-04-12 | 3.5 LOW | N/A |
| The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
| CVE-2015-0552 | 2 Gnome, Opensuse | 2 Gcab, Opensuse | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo." | |||||
| CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-7673 | 2 Gnome, Opensuse | 2 Gdk-pixbuf, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. | |||||
| CVE-2014-8154 | 2 Gnome, Opensuse | 2 Vala, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | 5.8 MEDIUM | N/A |
| services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-4170 | 1 Gnome | 1 Empathy | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | |||||
| CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2025-04-11 | 6.8 MEDIUM | N/A |
| librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | |||||
| CVE-2010-4000 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | 6.9 MEDIUM | N/A |
| gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2011-2524 | 1 Gnome | 1 Libsoup | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | |||||
| CVE-2011-3364 | 1 Gnome | 2 Ifcfg-rh Plug-in, Networkmanager | 2025-04-11 | 6.9 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. | |||||
| CVE-2010-0732 | 1 Gnome | 2 Gtk, Screensaver | 2025-04-11 | 6.2 MEDIUM | N/A |
| gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. | |||||
| CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | 4.3 MEDIUM | N/A |
| Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | |||||
| CVE-2010-4005 | 1 Gnome | 1 Tomboy | 2025-04-11 | 6.9 MEDIUM | N/A |
| The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. | |||||
| CVE-2011-5244 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | |||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | 3.3 LOW | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | |||||