Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-12-19 CVE-2013-6836 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Gnome Gnumeric
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
network
gnome CWE-119
4.3
2013-10-10 CVE-2013-1881 Improper Input Validation vulnerability in Gnome Librsvg
GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
gnome CWE-20
4.3
2013-09-10 CVE-2013-4169 Link Following vulnerability in Gnome Display Manager
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
local
gnome CWE-59
6.9
2013-04-02 CVE-2013-0240 Cryptographic Issues vulnerability in multiple products
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
4.3
2012-11-19 CVE-2011-5244 Numeric Errors vulnerability in multiple products
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
6.8
2012-11-19 CVE-2011-0433 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
6.8
2012-10-22 CVE-2012-4511 Information Exposure vulnerability in Gnome Libsocialweb
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
network
gnome CWE-200
5.8
2012-10-22 CVE-2012-3466 Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Keyring 3.4.0/3.4.1
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
local
gnome CWE-264
4.4
2012-10-22 CVE-2011-4129 Information Exposure vulnerability in Gnome Libsocialweb
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
network
gnome CWE-200
5.8
2012-10-01 CVE-2012-4427 Code Injection vulnerability in Gnome Gnome-Shell 3.4.1
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
network
gnome CWE-94
6.8