Vulnerabilities > Gnome

DATE CVE VULNERABILITY TITLE RISK
2015-03-29 CVE-2015-2785 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Byzanz
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
network
low complexity
gnome CWE-119
7.5
2015-01-27 CVE-2014-8154 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
network
low complexity
gnome opensuse CWE-119
7.5
2015-01-15 CVE-2015-0552 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via a crafted path in a CAB file, as demonstrated by "\tmp\moo."
network
low complexity
gnome opensuse CWE-22
6.4
2014-12-25 CVE-2014-7300 Resource Management Errors vulnerability in multiple products
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
local
low complexity
gnome redhat CWE-399
7.2
2014-05-21 CVE-2011-2198 Improper Input Validation vulnerability in multiple products
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
3.5
2014-04-29 CVE-2013-7273 Unspecified vulnerability in Gnome Display Manager
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
local
low complexity
gnome
2.1
2014-04-29 CVE-2013-7221 Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
local
low complexity
gnome CWE-264
4.6
2014-04-29 CVE-2013-7220 Unspecified vulnerability in Gnome Gnome-Shell
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
local
low complexity
gnome
4.6
2013-12-19 CVE-2013-6836 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gnumeric
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
network
gnome CWE-119
4.3
2013-10-10 CVE-2013-1881 Improper Input Validation vulnerability in Gnome Librsvg
GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
gnome CWE-20
4.3