Vulnerabilities > Gnome > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-09-07 | CVE-2009-4997 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.27.92: gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
2010-09-07 | CVE-2006-7240 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.14.0: gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
2010-02-11 | CVE-2009-4642 | Local Security vulnerability in Gnome Screensaver 2.26.1: gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | 7.2 |
2010-02-11 | CVE-2009-4641 | Unspecified vulnerability in Gnome Screensaver 2.28.0: gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | 7.2 |
2010-02-11 | CVE-2010-0414 | Unspecified vulnerability in Gnome Screensaver: gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. | 7.2 |
2010-02-08 | CVE-2010-0409 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Gnome Gmime: Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. | 7.5 |
2009-09-22 | CVE-2009-3289 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | 7.8 |
2008-06-04 | CVE-2008-1108 | Buffer Errors vulnerability in Gnome Evolution 2.2.1: Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | 7.6 |
2006-03-15 | CVE-2006-1244 | Multiple Unspecified vulnerability in XPDF: Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. | 7.6 |
2006-03-13 | CVE-2006-0819 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2: Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | 7.8 |