Filtered by vendor Gnome
Subscriptions
Total
326 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10733 | 3 Gnome, Opensuse, Redhat | 7 Libgxps, Leap, Ansible Tower and 4 more | 2024-11-21 | N/A |
| There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2018-1000135 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Networkmanager, Enterprise Linux | 2024-11-21 | N/A |
| GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. | ||||
| CVE-2018-1000041 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2024-11-21 | N/A |
| GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. | ||||
| CVE-2017-2885 | 3 Debian, Gnome, Redhat | 9 Debian Linux, Libsoup, Enterprise Linux and 6 more | 2024-11-21 | 9.8 Critical |
| An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | ||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-11-21 | N/A |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||||
| CVE-2017-12447 | 2 Canonical, Gnome | 3 Ubuntu Linux, Gdk-pixbuf, Nautilus | 2024-11-21 | N/A |
| GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | ||||
| CVE-2017-12164 | 1 Gnome | 1 Gnome Display Manager | 2024-11-21 | N/A |
| A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. | ||||
| CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2024-11-21 | N/A |
| Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | ||||
| CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2024-11-21 | 7.5 High |
| libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | ||||
| CVE-2016-10727 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Evolution, Enterprise Linux | 2024-11-21 | N/A |
| camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. | ||||
| CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2024-11-21 | 2.4 Low |
| gdm3 3.14.2 and possibly later has an information leak before screen lock | ||||
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-11-21 | 7.3 High |
| Orca has arbitrary code execution due to insecure Python module load | ||||
| CVE-2013-4166 | 2 Gnome, Redhat | 6 Evolution, Evolution Data Server, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | ||||
| CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2024-11-21 | 5.5 Medium |
| evince is missing a check on number of pages which can lead to a segmentation fault | ||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2024-11-21 | 7.5 High |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | ||||
| CVE-2012-5535 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-system-log | 2024-11-21 | 7.5 High |
| gnome-system-log polkit policy allows arbitrary files on the system to be read | ||||
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2024-11-21 | 4.4 Medium |
| In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | ||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 5.5 Medium |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
| CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2024-11-21 | 9.8 Critical |
| Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | ||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 7.3 High |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | ||||