Gnome vulnerabilities: Medium risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2007-10-29 | CVE-2007-3920 | | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | local | high | ubuntu compiz gnome | 6.2 |
| 2007-10-21 | CVE-2007-5337 | Information Exposure vulnerability in multiple products | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | | | | 4.3 |
| 2007-06-19 | CVE-2007-3257 | Unspecified vulnerability in Gnome Evolution 1.11 | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | network | | gnome | 6.8 |
| 2007-03-06 | CVE-2007-1266 | Unspecified vulnerability in Gnome Evolution | Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | network | low | gnome | 5.0 |
| 2006-12-15 | CVE-2006-6105 | Local Format String vulnerability in GNOME Display Manager GDMChooser | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | local | low | gnome | 4.3 |
| 2006-06-16 | CVE-2006-3057 | Remote Denial of Service vulnerability in Dhcdbd 1.10/1.12 | Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | network | low | gnome | 5.0 |
| 2006-03-13 | CVE-2006-0820 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 | Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | network | | gnome | 4.3 |
| 2006-03-10 | CVE-2006-0040 | Denial Of Service vulnerability in Gnome Evolution 2.4.2.1 | GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | network | low | gnome | 5.0 |
| 2006-02-02 | CVE-2006-0528 | Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | network | low | gnome | 5.0 |
| 2005-05-02 | CVE-2005-0238 | | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | network | low | gnome mozilla omnigroup opera | 5.0 |