Filtered by vendor Gnome
Subscriptions
Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0272 | 5 Canonical, Gnome, Oracle and 2 more | 10 Ubuntu Linux, Networkmanager, Linux and 7 more | 2025-04-12 | N/A |
| GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | ||||
| CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2025-04-12 | N/A |
| An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | ||||
| CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | ||||
| CVE-2014-8154 | 2 Gnome, Opensuse | 2 Vala, Opensuse | 2025-04-12 | N/A |
| The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | ||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | ||||
| CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | ||||
| CVE-2014-7300 | 2 Gnome, Redhat | 6 Gnome-shell, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2025-04-12 | N/A |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | ||||
| CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2025-04-12 | N/A |
| The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | ||||
| CVE-2015-7557 | 1 Gnome | 1 Librsvg | 2025-04-12 | N/A |
| The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | ||||
| CVE-2015-2785 | 1 Gnome | 1 Byzanz | 2025-04-12 | N/A |
| The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | ||||
| CVE-2014-1949 | 3 Canonical, Gnome, Linuxmint | 3 Ubuntu, Gtk, Linux Mint | 2025-04-12 | N/A |
| GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | ||||
| CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2025-04-12 | N/A |
| GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | ||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | ||||
| CVE-2013-1913 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2025-04-11 | N/A |
| Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. | ||||
| CVE-2013-1799 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | N/A |
| Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. | ||||
| CVE-2013-0240 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome Online Accounts | 2025-04-11 | N/A |
| Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. | ||||
| CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | N/A |
| services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | N/A |
| The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | ||||
| CVE-2012-3452 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | ||||