Vulnerabilities > Gnome
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-05 | CVE-2011-3146 | Unspecified vulnerability in Gnome Librsvg: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. (Tags: network, gnome) | 6.8 |
2012-08-31 | CVE-2012-3378 | Cryptographic Issues vulnerability in Gnome At-Spi2-Atk 2.5.2: The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | 3.3 |
2012-08-26 | CVE-2012-1177 | Improper Input Validation vulnerability in Gnome Libgdata: libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | 5.1 |
2012-08-20 | CVE-2012-2132 | Improper Authentication vulnerability in Gnome Libsoup 2.32.2: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | 5.0 |
2012-08-07 | CVE-2012-3452 | Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver: gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | 3.3 |
2012-07-17 | CVE-2012-3355 | Code Injection vulnerability in Gnome Rhythmbox: (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | 3.6 |
2012-07-03 | CVE-2011-2485 | Unspecified vulnerability in Gnome Gdk-Pixbuf 2.22.1/2.23.3: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. (Tags: network, gnome) | 4.3 |
2012-06-16 | CVE-2011-3193 | Out-Of-Bounds Write vulnerability in multiple products: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | 9.3 |
2012-06-07 | CVE-2012-0948 | Permissions, Privileges, and Access Controls vulnerability in multiple products: DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | 2.1 |
2011-11-04 | CVE-2011-3364 | Unspecified vulnerability in Gnome Ifcfg-Rh Plug-In: Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. (Tags: local, gnome) | 6.9 |