Gnome : Security Vulnerabilities, CVEs, CVSS score between 2 and 2.99
gdm3 3.14.2 and possibly later has an information leak before screen lock
Max CVSS
2.4
EPSS Score
0.10%
Published
2019-11-05
Updated
2020-08-18
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-04-29
Updated
2014-04-30
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-06-07
Updated
2017-08-29
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-09-02
Updated
2012-01-19
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-06-14
Updated
2021-11-02
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-12-23
Updated
2017-09-19
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-05-14
Updated
2009-05-23
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-12-17
Updated
2012-10-31
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Max CVSS
2.1
EPSS Score
0.09%
Published
2007-01-24
Updated
2022-02-07
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
Max CVSS
2.6
EPSS Score
0.87%
Published
2006-06-02
Updated
2010-04-02
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Max CVSS
2.6
EPSS Score
0.59%
Published
2005-05-20
Updated
2018-10-03
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-10-05
Updated
2017-07-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-17
Updated
2017-07-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-17
Updated
2017-07-11
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-08-27
Updated
2017-10-11
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-05
Updated
2022-08-17
16 vulnerabilities found