Search Results (371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2958 1 Gnome 1 Libgda2 2026-04-16 N/A
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
CVE-2005-2410 1 Gnome 1 Networkmanager 2026-04-16 N/A
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
CVE-2005-0023 1 Gnome 2 Libvte4, Libzvt2 2026-04-16 N/A
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2026-04-16 N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2005-1686 2 Gnome, Redhat 2 Gedit, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2000-0491 3 Caldera, Gnome, Suse 3 Openlinux, Gdm, Suse Linux 2026-04-16 N/A
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVE-1999-1477 2 Gnome, Mandrakesoft 2 Gnome Libs, Mandrake Linux 2026-04-16 N/A
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
CVE-2005-0238 4 Gnome, Mozilla, Omnigroup and 1 more 5 Epiphany, Camino, Mozilla and 2 more 2026-04-16 N/A
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2004-0111 3 Gnome, Redhat, Sgi 6 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 3 more 2026-04-16 N/A
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2003-0793 1 Gnome 1 Gdm 2026-04-16 N/A
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
CVE-1999-0990 1 Gnome 1 Gdm 2026-04-16 N/A
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
CVE-2003-0547 2 Gnome, Redhat 3 Gdm, Kdebase, Linux 2026-04-16 N/A
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
CVE-2005-0891 2 Gnome, Redhat 2 Gtk, Enterprise Linux 2026-04-16 7.5 High
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2003-0794 1 Gnome 1 Gdm 2026-04-16 N/A
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
CVE-2003-0165 2 Gnome, Redhat 2 Eog, Linux 2026-04-16 N/A
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
CVE-2025-3839 1 Gnome 1 Epiphany 2026-04-15 8 High
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
CVE-2025-11687 1 Gnome 1 Gi-docgen 2026-04-15 6.1 Medium
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).
CVE-2026-2574 1 Gnome 1 Glib-networking 2026-02-17 5.4 Medium
A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory.
CVE-2023-29499 2 Gnome, Redhat 2 Glib, Enterprise Linux 2025-12-18 5.5 Medium
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVE-2023-5557 2 Gnome, Redhat 6 Tracker Miners, Enterprise Linux, Rhel Aus and 3 more 2025-11-20 7.5 High
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.