Vulnerabilities > Gnome
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-10 | CVE-2013-4169 | Link Following vulnerability in Gnome Display Manager GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | 6.9 |
2013-04-02 | CVE-2013-0240 | Cryptographic Issues vulnerability in multiple products Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. | 4.3 |
2013-03-08 | CVE-2013-1050 | Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver 3.5.4/3.5.5/3.6.0 The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | 7.2 |
2012-12-21 | CVE-2010-2387 | Credentials Management vulnerability in Gnome Display Manager vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | 1.9 |
2012-11-19 | CVE-2011-5244 | Numeric Errors vulnerability in multiple products Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | 6.8 |
2012-11-19 | CVE-2011-0433 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. | 6.8 |
2012-10-22 | CVE-2012-4511 | Information Exposure vulnerability in Gnome Libsocialweb services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 5.8 |
2012-10-22 | CVE-2012-3466 | Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Keyring 3.4.0/3.4.1 GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | 4.4 |
2012-10-22 | CVE-2011-4129 | Information Exposure vulnerability in Gnome Libsocialweb (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | 5.8 |
2012-10-01 | CVE-2012-4427 | Code Injection vulnerability in Gnome Gnome-Shell 3.4.1 The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | 6.8 |