CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gnome : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1050 264 Bypass 2013-03-08 2013-03-18
7.2
None Local Low Not required Complete Complete Complete
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
2 CVE-2011-1709 264 +Priv 2011-06-14 2011-09-06
7.2
None Local Low Not required Complete Complete Complete
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
3 CVE-2010-0414 Bypass 2010-02-11 2010-02-26
7.2
None Local Low Not required Complete Complete Complete
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
4 CVE-2010-0409 119 DoS Exec Code Overflow 2010-02-08 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.
5 CVE-2009-4997 264 2010-09-07 2010-09-08
7.2
None Local Low Not required Complete Complete Complete
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.
6 CVE-2009-4642 2010-02-11 2010-03-22
7.2
None Local Low Not required Complete Complete Complete
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
7 CVE-2009-4641 2010-02-11 2010-07-07
7.2
Admin Local Low Not required Complete Complete Complete
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
8 CVE-2008-1108 119 Exec Code Overflow 2008-06-04 2010-08-21
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
9 CVE-2006-7240 264 2010-09-07 2010-09-08
7.2
None Local Low Not required Complete Complete Complete
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.
10 CVE-2006-1244 2006-03-15 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
11 CVE-2006-0819 2006-03-13 2008-09-05
7.8
None Remote Low Not required Complete None None
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
12 CVE-2005-3186 Exec Code Overflow 2005-11-18 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
13 CVE-2005-2976 189 DoS Exec Code Overflow 2005-11-18 2011-10-12
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
14 CVE-2005-2975 399 DoS 2005-11-18 2011-06-20
7.8
None Remote Low Not required None None Complete
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
15 CVE-2005-2958 Exec Code 2005-10-25 2010-04-02
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
16 CVE-2005-2550 DoS Exec Code 2005-08-12 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
17 CVE-2005-2549 DoS Exec Code 2005-08-12 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
18 CVE-2005-2410 Exec Code 2005-08-01 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
19 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
20 CVE-2004-0783 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
21 CVE-2004-0782 Exec Code Overflow 2004-10-20 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
22 CVE-2003-0080 Bypass 2003-03-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
23 CVE-2001-0928 Exec Code Overflow 2001-11-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
24 CVE-2001-0927 Exec Code 2001-11-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
25 CVE-2000-0948 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
26 CVE-1999-1477 Overflow 1999-09-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
Total number of vulnerabilities : 26   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.