| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1050 |
264 |
|
Bypass |
2013-03-08 |
2013-03-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. |
|
2 |
CVE-2011-1709 |
264 |
|
+Priv |
2011-06-14 |
2011-09-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. |
|
3 |
CVE-2010-0414 |
|
|
Bypass |
2010-02-11 |
2010-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. |
|
4 |
CVE-2010-0409 |
119 |
|
DoS Exec Code Overflow |
2010-02-08 |
2010-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. |
|
5 |
CVE-2009-4997 |
264 |
|
|
2010-09-07 |
2010-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. |
|
6 |
CVE-2009-4642 |
|
|
|
2010-02-11 |
2010-03-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. |
|
7 |
CVE-2009-4641 |
|
|
|
2010-02-11 |
2010-07-07 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. |
|
8 |
CVE-2008-1108 |
119 |
|
Exec Code Overflow |
2008-06-04 |
2010-08-21 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. |
|
9 |
CVE-2006-7240 |
264 |
|
|
2010-09-07 |
2010-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. |
|
10 |
CVE-2006-1244 |
|
|
|
2006-03-15 |
2008-09-05 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. |
|
11 |
CVE-2006-0819 |
|
|
|
2006-03-13 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. |
|
12 |
CVE-2005-3186 |
|
|
Exec Code Overflow |
2005-11-18 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. |
|
13 |
CVE-2005-2976 |
189 |
|
DoS Exec Code Overflow |
2005-11-18 |
2011-10-12 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. |
|
14 |
CVE-2005-2975 |
399 |
|
DoS |
2005-11-18 |
2011-06-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. |
|
15 |
CVE-2005-2958 |
|
|
Exec Code |
2005-10-25 |
2010-04-02 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. |
|
16 |
CVE-2005-2550 |
|
|
DoS Exec Code |
2005-08-12 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. |
|
17 |
CVE-2005-2549 |
|
|
DoS Exec Code |
2005-08-12 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. |
|
18 |
CVE-2005-2410 |
|
|
Exec Code |
2005-08-01 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. |
|
19 |
CVE-2005-0206 |
|
|
Overflow |
2005-04-27 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
|
20 |
CVE-2004-0783 |
|
|
Exec Code Overflow |
2004-10-20 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). |
|
21 |
CVE-2004-0782 |
|
|
Exec Code Overflow |
2004-10-20 |
2010-08-21 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). |
|
22 |
CVE-2003-0080 |
|
|
Bypass |
2003-03-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. |
|
23 |
CVE-2001-0928 |
|
|
Exec Code Overflow |
2001-11-28 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. |
|
24 |
CVE-2001-0927 |
|
|
Exec Code |
2001-11-27 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. |
|
25 |
CVE-2000-0948 |
|
|
|
2000-12-19 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. |
|
26 |
CVE-1999-1477 |
|
|
Overflow |
1999-09-23 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack. |
