Gnome: Security Vulnerabilities
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
CVSS Score
5.0
EPSS Score
0.008
Published
2003-05-05
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
CVSS Score
4.6
EPSS Score
0.007
Published
2003-04-02
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
CVSS Score
7.5
EPSS Score
0.004
Published
2003-03-31
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVSS Score
6.8
EPSS Score
0.006
Published
2003-03-03
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
CVSS Score
4.6
EPSS Score
0.003
Published
2002-12-31
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
CVSS Score
7.5
EPSS Score
0.049
Published
2001-11-28
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
CVSS Score
7.5
EPSS Score
0.021
Published
2001-11-27
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
CVSS Score
7.2
EPSS Score
0.003
Published
2001-02-12
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-12-19
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
CVSS Score
6.2
EPSS Score
0.001
Published
2000-11-14