Filtered by vendor Gnome
Subscriptions
Total
358 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0040 | 1 Gnome | 1 Evolution | 2026-04-16 | N/A |
| GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | ||||
| CVE-2001-0927 | 1 Gnome | 1 Libgtop Daemon | 2026-04-16 | N/A |
| Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. | ||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2026-04-16 | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | ||||
| CVE-2004-0782 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). | ||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2026-04-16 | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | ||||
| CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2026-04-16 | N/A |
| libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | ||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2026-04-16 | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | ||||
| CVE-2005-3186 | 3 Gnome, Gtk, Redhat | 3 Gdkpixbuf, Gtk\+, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | ||||
| CVE-2004-0783 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2026-04-16 | N/A |
| Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). | ||||
| CVE-2003-0133 | 2 Gnome, Redhat | 2 Gtkhtml, Linux | 2026-04-16 | N/A |
| GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. | ||||
| CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2026-04-16 | N/A |
| gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. | ||||
| CVE-2006-0820 | 1 Gnome | 1 Dwarf Http Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | ||||
| CVE-2005-2976 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. | ||||
| CVE-2005-2549 | 2 Gnome, Redhat | 2 Evolution, Enterprise Linux | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. | ||||
| CVE-2003-0547 | 2 Gnome, Redhat | 3 Gdm, Kdebase, Linux | 2026-04-16 | N/A |
| GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | ||||
| CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2026-04-16 | N/A |
| Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | ||||
| CVE-2025-11687 | 1 Gnome | 1 Gi-docgen | 2026-04-15 | 6.1 Medium |
| A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS). | ||||
| CVE-2025-3839 | 1 Gnome | 1 Epiphany | 2026-04-15 | 8 High |
| A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior. | ||||
| CVE-2026-2574 | 1 Gnome | 1 Glib-networking | 2026-02-17 | 5.4 Medium |
| A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory. | ||||
| CVE-2026-2604 | 1 Gnome | 1 Evolution-data-server | 2026-02-17 | 5.6 Medium |
| No description is available for this CVE. | ||||