Vulnerabilities > Gnome > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-14 | CVE-2009-0582 | Improper Input Validation vulnerability in Gnome Evolution-Data-Server 2.25.92: The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | 5.8 |
2009-01-28 | CVE-2009-0318 | Remote Command Execution vulnerability in Gnumeric 'PySys_SetArgv': Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | 6.9 |
2009-01-28 | CVE-2009-0317 | Remote Command Execution vulnerability in Nautilus 'PySys_SetArgv': Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | 6.9 |
2009-01-28 | CVE-2009-0314 | Untrusted Search Path vulnerability in multiple products: Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | 6.9 |
2009-01-28 | CVE-2008-5987 | Remote Command Execution vulnerability in Gnome EOG 2.22.3: Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | 6.9 |
2009-01-28 | CVE-2008-5985 | Remote Command Execution vulnerability in Gnome Epiphany 2.22.3: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | 6.9 |
2008-12-17 | CVE-2008-5660 | Use of Externally-Controlled Format String vulnerability in Gnome Vinagre: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response. | 6.8 |
2008-04-06 | CVE-2008-0887 | Local Unauthorized Access vulnerability in Gnome Desktop Screensaver NIS Authentication: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | 4.7 |
2008-03-06 | CVE-2008-0072 | Use of Externally-Controlled Format String vulnerability in Gnome Evolution: Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | 6.8 |
2007-12-12 | CVE-2007-5007 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Gnome Balsa: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | 6.8 |