Gnome : Security Vulnerabilities (CVSS score between 5 and 5.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2012-2370	189	DoS Overflow	2012-08-13	2013-01-14	5.0	None	Remote	Low	Not required	None	None	Partial
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
2	CVE-2012-2132	287	Bypass	2012-08-20	2013-02-14	5.0	None	Remote	Low	Not required	None	Partial	None
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
3	CVE-2012-1177	20		2012-08-26	2013-04-04	5.1	User	Remote	High	Not required	Partial	Partial	Partial
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
4	CVE-2012-0039	310	DoS	2012-01-14	2012-02-08	5.0	None	Remote	Low	Not required	None	None	Partial
DISPUTED GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
5	CVE-2011-2524	22	Dir. Trav.	2011-08-31	2012-02-01	5.0	None	Remote	Low	Not required	Partial	None	None
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
6	CVE-2010-3312			2010-10-14	2011-02-17	5.8	None	Remote	Medium	Not required	Partial	Partial	None
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
7	CVE-2010-0285		Bypass	2010-02-24	2011-08-23	5.6	None	Local	High	Not required	Complete	Complete	None
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
8	CVE-2009-0582	20	DoS	2009-03-14	2010-08-21	5.8	None	Remote	Medium	Not required	Partial	None	Partial
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
9	CVE-2007-1266			2007-03-06	2008-11-15	5.0	None	Remote	Low	Not required	None	Partial	None
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
10	CVE-2006-3057		DoS Mem. Corr.	2006-06-16	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
11	CVE-2006-0528		DoS Overflow	2006-02-02	2010-04-02	5.0	None	Remote	Low	Not required	None	None	Partial
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
12	CVE-2006-0040		DoS	2006-03-09	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
13	CVE-2005-0238			2005-05-02	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
14	CVE-2004-0788		DoS Overflow	2004-10-20	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
15	CVE-2004-0753		DoS	2004-10-20	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
16	CVE-2004-0111		DoS	2004-04-15	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
17	CVE-2003-0549		DoS	2003-08-27	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
18	CVE-2003-0548		DoS	2003-08-27	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
19	CVE-2003-0541		DoS	2003-09-17	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
20	CVE-2003-0133		DoS	2003-05-05	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
21	CVE-2000-0504		DoS	2000-06-19	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Total number of vulnerabilities : 21 Page : 1 (This Page)