Vulnerabilities > Gnome > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-08-03 CVE-2009-2404 Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
network
mozilla aol gnome pidgin CWE-119
critical
9.3
2008-08-18 CVE-2008-3533 USE of Externally-Controlled Format String vulnerability in Gnome and Yelp
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
network
low complexity
gnome CWE-134
critical
10.0
2008-06-04 CVE-2008-1109 Buffer Errors vulnerability in Gnome Evolution 2.22.1
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
network
gnome CWE-119
critical
9.3
2008-02-11 CVE-2008-0668 Numeric Errors vulnerability in Gnome Gnumeric
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow.
network
redhat gnome CWE-189
critical
9.3
2007-03-10 CVE-2007-0999 Remote Security vulnerability in Ekiga
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
network
gnome
critical
9.3
2005-01-27 CVE-2004-0889 Integer Overflow vulnerability in Xpdf PDFTOPS
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
10.0
2005-01-27 CVE-2004-0888 Integer Overflow vulnerability in Xpdf PDFTOPS
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
10.0
2005-01-24 CVE-2005-0102 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
network
low complexity
gnome debian CWE-190
critical
9.8
2003-06-30 CVE-2003-0407 Remote Buffer Overflow vulnerability in Gnome Batalla Naval 1.04
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
network
low complexity
gnome
critical
10.0
2000-05-24 CVE-2000-0491 Buffer Overflow vulnerability in GNOME gdm XDMCP
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
network
low complexity
gnome caldera suse
critical
10.0