gnome software vulnerabilities
vulnerabilities.aspcode.net
Searching gnome software vulnerabilities
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.
Buffer overflow in GNOME libraries 1.0.8 allows a local user to gain root access via a long --espeaker argument in programs such as nethack.
ORBit and gnome-session in Red Hat Linux 6.1 allow remote attackers to crash a program.
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed use insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file.
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
Software vulnerabilities results 1 to 20 of 30