Filtered by vendor Gnome Subscriptions
Total 318 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4245 2 Debian, Gnome 2 Debian Linux, Orca 2024-11-21 7.3 High
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4169 2 Gnome, Redhat 2 Gnome Display Manager, Enterprise Linux 2024-11-21 N/A
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVE-2013-4166 2 Gnome, Redhat 6 Evolution, Evolution Data Server, Enterprise Linux and 3 more 2024-11-21 7.5 High
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVE-2013-3718 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Evince, Opensuse and 1 more 2024-11-21 5.5 Medium
evince is missing a check on number of pages which can lead to a segmentation fault
CVE-2013-1978 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2024-11-21 N/A
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
CVE-2013-1913 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2024-11-21 N/A
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2013-1881 2 Gnome, Redhat 2 Librsvg, Enterprise Linux 2024-11-21 N/A
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-1799 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2024-11-21 N/A
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
CVE-2013-1050 1 Gnome 1 Gnome Screensaver 2024-11-21 N/A
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2013-0240 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2024-11-21 N/A
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
CVE-2012-6111 2 Debian, Gnome 2 Debian Linux, Gnome Keyring 2024-11-21 7.5 High
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVE-2012-5535 2 Fedoraproject, Gnome 2 Fedora, Gnome-system-log 2024-11-21 7.5 High
gnome-system-log polkit policy allows arbitrary files on the system to be read
CVE-2012-4511 1 Gnome 1 Libsocialweb 2024-11-21 N/A
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVE-2012-4427 1 Gnome 1 Gnome-shell 2024-11-21 N/A
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
CVE-2012-3466 1 Gnome 1 Gnome-keyring 2024-11-21 N/A
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
CVE-2012-3452 1 Gnome 1 Screensaver 2024-11-21 N/A
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2012-3378 1 Gnome 1 At-spi2-atk 2024-11-21 N/A
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
CVE-2012-3355 1 Gnome 1 Rhythmbox 2024-11-21 N/A
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVE-2012-2736 4 Canonical, Debian, Gnome and 1 more 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more 2024-11-21 4.4 Medium
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
CVE-2012-2370 2 Gnome, Redhat 2 Gdk-pixbuf, Enterprise Linux 2024-11-21 N/A
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.