libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Max CVSS
5.0
EPSS Score
2.42%
Published
2000-06-19
Updated
2008-09-10
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
Max CVSS
5.0
EPSS Score
0.94%
Published
2003-05-05
Updated
2017-10-11
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
Max CVSS
5.0
EPSS Score
1.44%
Published
2003-09-17
Updated
2017-10-11
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Max CVSS
5.0
EPSS Score
0.41%
Published
2003-08-27
Updated
2017-10-11
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Max CVSS
5.0
EPSS Score
0.41%
Published
2003-08-27
Updated
2017-10-11
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Max CVSS
5.0
EPSS Score
1.25%
Published
2004-04-15
Updated
2017-10-10
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Max CVSS
5.0
EPSS Score
10.58%
Published
2004-10-20
Updated
2023-08-11
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
Max CVSS
5.0
EPSS Score
17.59%
Published
2004-10-20
Updated
2023-08-11
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Max CVSS
5.0
EPSS Score
0.30%
Published
2005-05-02
Updated
2022-02-28
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Max CVSS
5.0
EPSS Score
1.41%
Published
2005-05-02
Updated
2023-08-03
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
Max CVSS
5.0
EPSS Score
1.83%
Published
2006-03-10
Updated
2018-10-19
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
Max CVSS
5.0
EPSS Score
17.36%
Published
2006-02-02
Updated
2018-10-03
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
Max CVSS
5.0
EPSS Score
2.15%
Published
2006-06-16
Updated
2018-10-03
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Max CVSS
5.0
EPSS Score
6.36%
Published
2007-03-06
Updated
2018-10-16
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Max CVSS
5.8
EPSS Score
0.27%
Published
2009-03-14
Updated
2017-09-29
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
Max CVSS
5.6
EPSS Score
0.06%
Published
2010-02-24
Updated
2017-08-17
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
Max CVSS
5.8
EPSS Score
0.28%
Published
2010-10-14
Updated
2011-02-17
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
Max CVSS
5.0
EPSS Score
0.63%
Published
2011-08-31
Updated
2012-02-02
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
Max CVSS
5.8
EPSS Score
0.22%
Published
2012-10-22
Updated
2017-01-05
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Max CVSS
5.0
EPSS Score
0.16%
Published
2012-01-14
Updated
2024-03-21
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-03-10
Updated
2020-03-10
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
Max CVSS
5.1
EPSS Score
0.97%
Published
2012-08-26
Updated
2013-04-05
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
Max CVSS
5.0
EPSS Score
0.60%
Published
2012-08-20
Updated
2017-08-29
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
7.05%
Published
2012-08-13
Updated
2023-02-13
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
Max CVSS
5.8
EPSS Score
0.21%
Published
2012-10-22
Updated
2017-01-05
61 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!