CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gnome : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6836 119 DoS Overflow 2013-12-18 2014-03-05
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
2 CVE-2013-4169 59 2013-09-10 2013-09-11
6.9
None Local Medium Not required Complete Complete Complete
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
3 CVE-2013-1881 20 2013-10-09 2014-03-26
4.3
None Remote Medium Not required Partial None None
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
4 CVE-2013-1799 310 +Info 2013-04-01 2013-04-02
4.3
None Remote Medium Not required Partial None None
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
5 CVE-2013-1050 264 Bypass 2013-03-08 2013-03-18
7.2
None Local Low Not required Complete Complete Complete
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
6 CVE-2013-0240 310 +Info 2013-04-01 2013-04-02
4.3
None Remote Medium Not required Partial None None
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
7 CVE-2012-4427 94 2012-09-30 2012-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
8 CVE-2012-3466 264 2012-10-22 2013-12-05
4.4
None Local Medium Not required Partial Partial Partial
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
9 CVE-2012-3452 264 Bypass 2012-08-07 2012-08-08
3.3
None Local Medium Not required Partial Partial None
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.
10 CVE-2012-3378 310 2012-08-31 2012-09-05
3.3
None Local Medium Not required None Partial Partial
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
11 CVE-2012-3355 94 Exec Code 2012-07-17 2012-09-07
3.6
None Local Low Not required None Partial Partial
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
12 CVE-2012-2370 189 DoS Overflow 2012-08-13 2013-01-14
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
13 CVE-2012-2132 287 Bypass 2012-08-20 2013-02-14
5.0
None Remote Low Not required None Partial None
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
14 CVE-2012-1177 20 2012-08-26 2013-04-04
5.1
User Remote High Not required Partial Partial Partial
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
15 CVE-2012-0948 264 2012-06-07 2012-06-12
2.1
None Local Low Not required Partial None None
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
16 CVE-2012-0039 310 DoS 2012-01-14 2012-02-08
5.0
None Remote Low Not required None None Partial
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
17 CVE-2011-5244 189 DoS Exec Code 2012-11-19 2013-02-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
18 CVE-2011-4170 79 XSS 2011-10-23 2012-05-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
19 CVE-2011-3635 79 XSS 2011-10-23 2012-11-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
20 CVE-2011-3364 Exec Code 2011-11-04 2012-01-18
6.9
None Local Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
21 CVE-2011-3201 200 +Info 2013-03-08 2013-03-18
4.3
None Remote Medium Not required Partial None None
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
22 CVE-2011-3146 DoS Exec Code 2012-09-05 2012-09-13
6.8
None Remote Medium Not required Partial Partial Partial
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
23 CVE-2011-2524 22 Dir. Trav. 2011-08-31 2012-02-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
24 CVE-2011-2485 DoS 2012-07-03 2012-07-03
4.3
None Remote Medium Not required None None Partial
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
25 CVE-2011-2176 287 Bypass 2011-09-02 2012-01-18
2.1
None Local Low Not required None Partial None
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
26 CVE-2011-1709 264 +Priv 2011-06-14 2011-09-06
7.2
None Local Low Not required Complete Complete Complete
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
27 CVE-2011-0727 59 2011-03-31 2011-04-29
6.9
None Local Medium Not required Complete Complete Complete
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
28 CVE-2011-0433 119 DoS Exec Code Overflow 2012-11-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
29 CVE-2010-4005 94 +Priv 2010-11-05 2011-03-01
6.9
Admin Local Medium Not required Complete Complete Complete
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.
30 CVE-2010-4000 264 +Priv 2010-11-05 2010-11-08
6.9
Admin Local Medium Not required Complete Complete Complete
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
31 CVE-2010-3312 2010-10-14 2011-02-17
5.8
None Remote Medium Not required Partial Partial None
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
32 CVE-2010-2387 255 +Priv 2012-12-21 2012-12-28
1.9
None Local Medium Not required Partial None None
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
33 CVE-2010-0422 Bypass 2010-02-24 2010-03-22
4.0
None Local High Not required None Complete None
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.
34 CVE-2010-0414 Bypass 2010-02-11 2010-02-26
7.2
None Local Low Not required Complete Complete Complete
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
35 CVE-2010-0409 119 DoS Exec Code Overflow 2010-02-08 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.
36 CVE-2010-0285 Bypass 2010-02-24 2011-08-23
5.6
None Local High Not required Complete Complete None
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
37 CVE-2009-4997 264 2010-09-07 2010-09-08
7.2
None Local Low Not required Complete Complete Complete
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.
38 CVE-2009-4642 2010-02-11 2010-03-22
7.2
None Local Low Not required Complete Complete Complete
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
39 CVE-2009-4641 2010-02-11 2010-07-07
7.2
Admin Local Low Not required Complete Complete Complete
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
40 CVE-2009-4145 200 +Info 2009-12-23 2010-08-21
2.1
None Local Low Not required Partial None None
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
41 CVE-2009-4144 310 DoS +Info 2009-12-23 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
42 CVE-2009-4035 94 Exec Code Overflow 2009-12-21 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
43 CVE-2009-3289 264 2009-09-22 2010-05-20
4.4
None Local Medium Not required Partial Partial Partial
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
44 CVE-2009-2697 287 Bypass 2009-09-04 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
45 CVE-2009-1631 264 +Info 2009-05-14 2009-05-23
2.1
None Local Low Not required Partial None None
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
46 CVE-2009-0582 20 DoS 2009-03-14 2010-08-21
5.8
None Remote Medium Not required Partial None Partial
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
47 CVE-2009-0318 Exec Code 2009-01-28 2009-04-16
6.9
Admin Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
48 CVE-2009-0317 Exec Code 2009-01-28 2009-02-05
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
49 CVE-2009-0314 Exec Code 2009-01-28 2011-09-12
6.9
Admin Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
50 CVE-2008-7185 20 1 DoS 2009-09-08 2009-09-09
4.3
None Remote Medium Not required None None Partial
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
Total number of vulnerabilities : 120   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.