Vulnerabilities > Gnome > High

DATE | CVE | VULNERABILITY TITLE | RISK

2010-09-07 | CVE-2009-4997 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.27.92 | 7.2
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.
local, low complexity, gnome CWE-264

2010-09-07 | CVE-2006-7240 | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.14.0 | 7.2
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.
local, low complexity, gnome CWE-264

2010-02-11 | CVE-2009-4642 | Local Security vulnerability in Gnome Screensaver 2.26.1 | 7.2
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
local, low complexity, gnome

2010-02-11 | CVE-2009-4641 | Unspecified vulnerability in Gnome Screensaver 2.28.0 | 7.2
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
local, low complexity, gnome

2010-02-11 | CVE-2010-0414 | Unspecified vulnerability in Gnome Screensaver | 7.2
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
local, low complexity, gnome

2010-02-08 | CVE-2010-0409 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Gmime | 7.5
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.
network, low complexity, gnome CWE-119

2009-09-22 | CVE-2009-3289 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | 7.8
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
local, low complexity, gnome opensuse suse CWE-732

2008-06-04 | CVE-2008-1108 | Buffer Errors vulnerability in Gnome Evolution 2.2.1 | 7.6
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
network, high complexity, gnome CWE-119

2006-03-15 | CVE-2006-1244 | Multiple Unspecified vulnerability in XPDF | 7.6
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.
network, high complexity, gnome libextractor xpdf debian

2006-03-13 | CVE-2006-0819 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 | 7.8
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
network, low complexity, gnome