Vulnerabilities > Gnome > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products | 2.1
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon.
local | low complexity | gnome canonical oracle | CWE-522

2014-05-21 | CVE-2011-2198 | Improper Input Validation vulnerability in multiple products | 3.5
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

2014-04-29 | CVE-2013-7273 | Unspecified vulnerability in Gnome Display Manager | 2.1
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
local | low complexity | gnome

2012-12-21 | CVE-2010-2387 | Credentials Management vulnerability in Gnome Display Manager | 1.9
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
local | gnome | CWE-255

2012-08-31 | CVE-2012-3378 | Cryptographic Issues vulnerability in Gnome At-Spi2-Atk 2.5.2 | 3.3
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
local | gnome | CWE-310

2012-08-07 | CVE-2012-3452 | Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver | 3.3
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.
local | gnome | CWE-264

2012-07-17 | CVE-2012-3355 | Code Injection vulnerability in Gnome Rhythmbox | 3.6
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
local | low complexity | gnome | CWE-94

2012-06-07 | CVE-2012-0948 | Permissions, Privileges, and Access Controls vulnerability in multiple products | 2.1
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
local | low complexity | gnome canonical | CWE-264

2011-09-02 | CVE-2011-2176 | Improper Authentication vulnerability in Gnome Networkmanager | 2.1
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
local | low complexity | gnome | CWE-287

2011-06-14 | CVE-2011-1943 | Information Exposure Through Log Files vulnerability in multiple products | 2.1
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
local | low complexity | gnome fedoraproject | CWE-532