Vulnerabilities > Gnome > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-11-06 | CVE-2010-4005 | Code Injection vulnerability in Gnome Tomboy | The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-11-06 | CVE-2010-4000 | Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell 2.31.5 | gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-14 | CVE-2010-3312 | Remote Security vulnerability in Epiphany 2.28/2.29 | Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | 5.8 |
2010-08-05 | CVE-2010-2713 | Remote Code Execution vulnerability in VTE Window and Icon Title | The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. | 6.8 |
2010-03-18 | CVE-2010-0421 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Pango | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | 4.3 |
2010-02-24 | CVE-2010-0422 | Unspecified vulnerability in Gnome Screensaver 2.28.0/2.28.1/2.28.2 | gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | 4.0 |
2010-02-24 | CVE-2010-0285 | Unspecified vulnerability in Gnome Screensaver | gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | 5.6 |
2009-12-23 | CVE-2009-4144 | Cryptographic Issues vulnerability in Gnome Networkmanager 0.7.2 | NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. | 6.8 |
2009-09-08 | CVE-2008-7185 | Improper Input Validation vulnerability in Gnome Rhythmbox 0.11.5 | GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | 4.3 |
2009-09-04 | CVE-2009-2697 | Improper Authentication vulnerability in Gnome GDM | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | 6.8 |