Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-14 | CVE-2010-3312 | Remote Security vulnerability in Epiphany 2.28/2.29 Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. network gnome | 5.8 |
| 2010-09-07 | CVE-2009-4997 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.27.92 gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
| 2010-09-07 | CVE-2006-7240 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.14.0 gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
| 2010-08-05 | CVE-2010-2713 | Remote Code Execution vulnerability in VTE Window and Icon Title The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. | 6.8 |
| 2010-03-18 | CVE-2010-0421 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Pango Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | 4.3 |
| 2010-02-24 | CVE-2010-0422 | Unspecified vulnerability in Gnome Screensaver 2.28.0/2.28.1/2.28.2 gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | 4.0 |
| 2010-02-24 | CVE-2010-0285 | Unspecified vulnerability in Gnome Screensaver gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | 5.6 |
| 2010-02-11 | CVE-2009-4642 | Local Security vulnerability in Gnome Screensaver 2.26.1 gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | 7.2 |
| 2010-02-11 | CVE-2009-4641 | Unspecified vulnerability in Gnome Screensaver 2.28.0 gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | 7.2 |
| 2010-02-11 | CVE-2010-0414 | Unspecified vulnerability in Gnome Screensaver gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | 7.2 |