Vulnerabilities > Gnome > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. | 2.1 |
2014-05-21 | CVE-2011-2198 | Improper Input Validation vulnerability in multiple products The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | 3.5 |
2014-04-29 | CVE-2013-7273 | Unspecified vulnerability in Gnome Display Manager GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | 2.1 |
2012-12-21 | CVE-2010-2387 | Credentials Management vulnerability in Gnome Display Manager vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | 1.9 |
2012-08-31 | CVE-2012-3378 | Cryptographic Issues vulnerability in Gnome At-Spi2-Atk 2.5.2 The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | 3.3 |
2012-08-07 | CVE-2012-3452 | Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | 3.3 |
2012-07-17 | CVE-2012-3355 | Code Injection vulnerability in Gnome Rhythmbox (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | 3.6 |
2012-06-07 | CVE-2012-0948 | Permissions, Privileges, and Access Controls vulnerability in multiple products DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | 2.1 |
2011-09-02 | CVE-2011-2176 | Improper Authentication vulnerability in Gnome Networkmanager GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | 2.1 |
2011-06-14 | CVE-2011-1943 | Information Exposure Through Log Files vulnerability in multiple products The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | 2.1 |