Filtered by vendor Gnome
Subscriptions
Total
312 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5535 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-system-log | 2024-08-06 | 7.5 High |
gnome-system-log polkit policy allows arbitrary files on the system to be read | ||||
CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2024-08-06 | N/A |
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2024-08-06 | N/A |
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | ||||
CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2024-08-06 | N/A |
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2024-08-06 | N/A |
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | ||||
CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2024-08-06 | N/A |
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | ||||
CVE-2012-3355 | 1 Gnome | 1 Rhythmbox | 2024-08-06 | N/A |
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | ||||
CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2024-08-06 | 4.4 Medium |
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | ||||
CVE-2012-2370 | 2 Gnome, Redhat | 2 Gdk-pixbuf, Enterprise Linux | 2024-08-06 | N/A |
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. | ||||
CVE-2012-2132 | 1 Gnome | 1 Libsoup | 2024-08-06 | N/A |
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | ||||
CVE-2012-1177 | 1 Gnome | 1 Libgdata | 2024-08-06 | N/A |
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | ||||
CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-08-06 | 5.5 Medium |
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
CVE-2012-0948 | 2 Canonical, Gnome | 2 Ubuntu Linux, Update-manager-core | 2024-08-06 | N/A |
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | ||||
CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2024-08-06 | 9.8 Critical |
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | ||||
CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2024-08-06 | N/A |
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | ||||
CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2024-08-06 | N/A |
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | ||||
CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2024-08-06 | N/A |
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | ||||
CVE-2013-6836 | 1 Gnome | 1 Gnumeric | 2024-08-06 | N/A |
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. | ||||
CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-08-06 | 7.3 High |
Orca has arbitrary code execution due to insecure Python module load | ||||
CVE-2013-4166 | 2 Gnome, Redhat | 6 Evolution, Evolution Data Server, Enterprise Linux and 3 more | 2024-08-06 | 7.5 High |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. |