Vulnerabilities > Gnome > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-23 | CVE-2009-4145 | Information Exposure vulnerability in Gnome Networkmanager 0.7.2 nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network. | 2.1 |
| 2009-05-14 | CVE-2009-1631 | Permissions, Privileges, and Access Controls vulnerability in Gnome Evolution The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | 2.1 |
| 2009-04-09 | CVE-2009-1276 | Information Exposure vulnerability in SUN Opensolaris and Solaris XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | 2.1 |
| 2007-12-17 | CVE-2007-6389 | Local Information Disclosure vulnerability in Gnome Screensaver 2.20 The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | 2.1 |
| 2007-08-07 | CVE-2007-3381 | Improper Input Validation vulnerability in Gnome GDM The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | 1.5 |
| 2007-01-24 | CVE-2007-0010 | Unspecified vulnerability in Gnome GTK The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | 2.1 |
| 2006-12-22 | CVE-2006-6698 | Denial of Service vulnerability in Gnome Gconf 2.14.0 The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. local gnome | 1.9 |
| 2006-06-09 | CVE-2006-2452 | Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | 3.7 |
| 2006-06-02 | CVE-2006-2789 | Denial Of Service vulnerability in GNOME Evolution Email Attachment Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | 2.6 |
| 2006-04-25 | CVE-2006-1057 | Race Condition vulnerability in Gnome GDM 2.14 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | 3.7 |