Vulnerabilities > Gnome > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-05 | CVE-2011-3146 | Unspecified vulnerability in Gnome Librsvg: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. (network, gnome) | 6.8 |
2012-08-26 | CVE-2012-1177 | Improper Input Validation vulnerability in Gnome Libgdata: libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | 5.1 |
2012-08-20 | CVE-2012-2132 | Improper Authentication vulnerability in Gnome Libsoup 2.32.2: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection. | 5.0 |
2012-07-03 | CVE-2011-2485 | Unspecified vulnerability in Gnome Gdk-Pixbuf 2.22.1/2.23.3: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. (network, gnome) | 4.3 |
2011-11-04 | CVE-2011-3364 | Unspecified vulnerability in Gnome Ifcfg-Rh Plug-In: Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. (local, gnome) | 6.9 |
2011-10-23 | CVE-2011-4170 | Cross-Site Scripting vulnerability in Gnome Empathy: Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | 4.3 |
2011-10-23 | CVE-2011-3635 | Cross-Site Scripting vulnerability in Gnome Empathy: Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname). | 4.3 |
2011-08-31 | CVE-2011-2524 | Path Traversal vulnerability in Gnome Libsoup: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | 5.0 |
2011-03-31 | CVE-2011-0727 | Link Following vulnerability in Gnome GDM: GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | 6.9 |
2011-03-07 | CVE-2011-0064 | The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | 6.8 |