Vulnerabilities > Gnome
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-03-13 | CVE-2006-0820 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 | Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | 4.3 |
2006-03-13 | CVE-2006-0819 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 | Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | 7.8 |
2006-03-10 | CVE-2006-0040 | Denial Of Service vulnerability in Gnome Evolution 2.4.2.1 | GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | 5.0 |
2006-02-02 | CVE-2006-0528 | Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | 5.0 |
2005-11-18 | CVE-2005-3186 | Buffer Overflow vulnerability in GDK-Pixbuf/GTK XPM Images | Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | 7.5 |
2005-10-25 | CVE-2005-2958 | Format String vulnerability in LibGDA | Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | 7.5 |
2005-10-05 | CVE-2005-0023 | Unspecified vulnerability in Gnome Libvte4 and Libzvt2 | gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. | 2.1 |
2005-08-12 | CVE-2005-2550 | Format String vulnerability in GNOME Evolution | Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. | 7.5 |
2005-08-12 | CVE-2005-2549 | Format String vulnerability in GNOME Evolution | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. | 7.5 |
2005-08-01 | CVE-2005-2410 | Unspecified vulnerability in Gnome Networkmanager 0.1/0.3.1/0.4 | Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | 7.5 |