Vulnerabilities > Gnome > Low

DATE CVE VULNERABILITY TITLE RISK
2009-12-23 CVE-2009-4145 Information Exposure vulnerability in Gnome Networkmanager 0.7.2
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
local
low complexity
gnome CWE-200
2.1
2009-05-14 CVE-2009-1631 Permissions, Privileges, and Access Controls vulnerability in Gnome Evolution
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
local
low complexity
gnome CWE-264
2.1
2009-04-09 CVE-2009-1276 Information Exposure vulnerability in SUN Opensolaris and Solaris
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
local
low complexity
gnome sun CWE-200
2.1
2007-12-17 CVE-2007-6389 Local Information Disclosure vulnerability in Gnome Screensaver 2.20
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
local
low complexity
gnome
2.1
2007-08-07 CVE-2007-3381 Improper Input Validation vulnerability in Gnome GDM
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
local
gnome CWE-20
1.5
2007-01-24 CVE-2007-0010 Unspecified vulnerability in Gnome GTK
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
local
low complexity
gnome
2.1
2006-12-22 CVE-2006-6698 Denial of Service vulnerability in Gnome Gconf 2.14.0
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.
local
gnome
1.9
2006-06-09 CVE-2006-2452 Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
local
high complexity
gnome
3.7
2006-06-02 CVE-2006-2789 Denial Of Service vulnerability in GNOME Evolution Email Attachment
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
network
high complexity
gnome
2.6
2006-04-25 CVE-2006-1057 Race Condition vulnerability in Gnome GDM 2.14
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
local
high complexity
gnome CWE-362
3.7