Filtered by vendor Gnome
Subscriptions
Total
331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | ||||
| CVE-2014-7300 | 2 Gnome, Redhat | 6 Gnome-shell, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2025-04-12 | N/A |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | ||||
| CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2025-04-12 | 3.7 Low |
| Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | ||||
| CVE-2015-0552 | 2 Gnome, Opensuse | 2 Gcab, Opensuse | 2025-04-12 | N/A |
| Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo." | ||||
| CVE-2015-2785 | 1 Gnome | 1 Byzanz | 2025-04-12 | N/A |
| The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | ||||
| CVE-2014-8154 | 2 Gnome, Opensuse | 2 Vala, Opensuse | 2025-04-12 | N/A |
| The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | ||||
| CVE-2015-7673 | 2 Gnome, Opensuse | 2 Gdk-pixbuf, Opensuse | 2025-04-12 | N/A |
| io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. | ||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | ||||
| CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2025-04-12 | N/A |
| GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | ||||
| CVE-2016-6855 | 4 Canonical, Fedoraproject, Gnome and 1 more | 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more | 2025-04-12 | N/A |
| Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | ||||
| CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2025-04-12 | N/A |
| An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | ||||
| CVE-2010-4833 | 1 Gnome | 1 Gtk | 2025-04-11 | N/A |
| Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. | ||||
| CVE-2010-4000 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | N/A |
| gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-3312 | 1 Gnome | 1 Epiphany | 2025-04-11 | N/A |
| Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | ||||
| CVE-2010-0732 | 1 Gnome | 2 Gtk, Screensaver | 2025-04-11 | N/A |
| gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. | ||||
| CVE-2010-2713 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2025-04-11 | N/A |
| The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. | ||||
| CVE-2010-0285 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | ||||
| CVE-2010-0414 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | ||||
| CVE-2009-4642 | 1 Gnome | 1 Screensaver | 2025-04-11 | N/A |
| gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | ||||
| CVE-2011-0064 | 3 Gnome, Mozilla, Redhat | 3 Pango, Firefox, Enterprise Linux | 2025-04-11 | N/A |
| The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | ||||