Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 1999-12-05 | Updated: 2022-08-17
Buffer overflow in GNOME libraries 1.0.8 allows a local user to gain root access via a long --espeaker argument in programs such as nethack.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 1999-09-23 | Updated: 2017-12-19
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Max CVSS: 10.0 | EPSS Score: 7.14% | Published: 2000-05-24 | Updated: 2008-09-10
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Max CVSS: 5.0 | EPSS Score: 2.42% | Published: 2000-06-19 | Updated: 2008-09-10
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2000-11-14 | Updated: 2017-10-10
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2000-12-19 | Updated: 2017-10-10
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2001-02-12 | Updated: 2023-08-03
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
Max CVSS: 7.5 | EPSS Score: 2.69% | Published: 2001-11-27 | Updated: 2016-10-18
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
Max CVSS: 7.5 | EPSS Score: 5.98% | Published: 2001-11-28 | Updated: 2016-10-18
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
Max CVSS: 4.6 | EPSS Score: 0.15% | Published: 2002-12-31 | Updated: 2008-09-05
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Max CVSS: 6.8 | EPSS Score: 0.30% | Published: 2003-03-03 | Updated: 2016-10-18
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
Max CVSS: 7.5 | EPSS Score: 0.40% | Published: 2003-03-31 | Updated: 2017-07-11
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
Max CVSS: 5.0 | EPSS Score: 0.94% | Published: 2003-05-05 | Updated: 2017-10-11
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
Max CVSS: 4.6 | EPSS Score: 0.14% | Published: 2003-04-02 | Updated: 2017-10-11
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
Max CVSS: 10.0 | EPSS Score: 2.56% | Published: 2003-06-30 | Updated: 2016-10-18
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
Max CVSS: 5.0 | EPSS Score: 1.44% | Published: 2003-09-17 | Updated: 2017-10-11
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-08-27 | Updated: 2017-10-11
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2003-08-27 | Updated: 2017-10-11
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2003-08-27 | Updated: 2017-10-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2003-11-17 | Updated: 2017-07-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2003-11-17 | Updated: 2017-07-11
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Max CVSS: 5.0 | EPSS Score: 1.25% | Published: 2004-04-15 | Updated: 2017-10-10
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Max CVSS: 5.0 | EPSS Score: 10.58% | Published: 2004-10-20 | Updated: 2023-08-11
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
Max CVSS: 7.5 | EPSS Score: 30.47% | Published: 2004-10-20 | Updated: 2023-08-11
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Max CVSS: 7.5 | EPSS Score: 30.47% | Published: 2004-10-20 | Updated: 2023-08-11
302 vulnerabilities found