Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local malicious users to execute arbitrary code via crafted .tsv file when creating a new record.
Gnome Gnome-time Tracker 3.0.2
1 Github repository
7.5
CVSSv2
CVE-2003-0080
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow malicious users to bypass intended access restrictions if packet forwarding is enabled.
Gnome Gnome-lokkit 0.50 21
2.1
CVSSv2
CVE-2005-0023
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
Gnome Libvte4
Gnome Libzvt2 1.4.2.19
1 EDB exploit
6.9
CVSSv2
CVE-2017-12164
A flaw exists in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Gnome Gnome Display Manager 3.24.1
7.5
CVSSv2
CVE-2005-2976
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ prior to 2.8.7 allows malicious users to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Gnome Gdkpixbuf 0.22
Gnome Gtk
2.1
CVSSv2
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar prior to 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists...
Gnome Gnome-autoar
Fedoraproject Fedora 34
3.6
CVSSv2
CVE-2021-20315
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to k...
Gnome Gnome-shell
Centos Stream 8
5
CVSSv2
CVE-2006-3057
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote malicious users to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
Gnome Dhcdbd 1.10
Gnome Dhcdbd 1.12
5
CVSSv2
CVE-2003-0133
GtkHTML, as included in Evolution prior to 1.2.4, allows remote malicious users to cause a denial of service (crash) via certain malformed messages.
Gnome Gtkhtml 1.1.10
Gnome Gtkhtml 1.1.9
6.8
CVSSv2
CVE-2017-7961
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote malicious users to cause a denial of service (application crash) or possibly ha...
Gnome Libcroco 0.6.12
Gnome Libcroco 0.6.11
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »