| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 13994 | 2001-11-28 | GNOME libgtop permitted Function Authentication Data Overflow | (Description Provided by CVE): Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. |
| 13993 | 2001-11-27 | GNOME libgtop permitted Function Format String | (Description Provided by CVE): Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. |
| 13530 | 1999-09-26 | GNOME Libraries Local Overflow | (Description Provided by CVE): Buffer overflow in GNOME libraries 1.0.8 allows a local user to gain root access via a long --espeaker argument in programs such as nethack. |
| 19824 | 2005-09-20 | GNOME libzvt gnome-pty-helper DISPLAY Variable Hostname Spoofing | (Description Provided by CVE): gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. |
| 64515 | 2010-02-05 | GNOME Nautilus File Preview Arbitrary Code Execution | Unknown / Incomplete |
| 53654 | 2009-03-03 | GNOME NetworkManager dbus Multiple Arbitrary Network Connection Manipulation | (Description Provided by CVE): GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. |
| 77041 | 2011-09-26 | GNOME NetworkManager ifcfg-rh Plugin settings/plugins/ifcfg-rh/shvar.c svEscape Function Incomplete Blacklist Local Privilege Escalation | (Description Provided by CVE): Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. |
| 53653 | 2009-03-03 | GNOME NetworkManager nm-applet.conf dbus Request Handler GetSecrets Method Local Information Disclosure | (Description Provided by CVE): nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. |
| 43689 | 2007-12-10 | GNOME screensaver Notify Feature Ctrl-v Local Clipboard Content Disclosure | (Description Provided by CVE): The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. |
| 24015 | 2006-01-11 | Gnome Screensaver Password Lock Dialog Bypass | (Description Provided by CVE): gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. |
| 41988 | 2007-10-24 | GNOME screensaver With Compiz Screen Focus Weakness | (Description Provided by CVE): GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. |
| 69106 | 2010-10-19 | GNOME Shell gnome-shell LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation | GNOME Shell contains a path subversion flaw that may allow a local attacker to gain access to unauthorized privileges. The issue is triggered when the 'gnome-shell' script fails to properly set the environment variable 'LD_LIBRARY_PATH', allowing a local attacker to gain elevated privileges by tricking a user into running the script in a directory which contains a trojan library. |
| 31702 | 2006-11-30 | GNOME Structured File Library (libgsf) ole_info_read_metabat() Function Overflow | (Description Provided by CVE): Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory. |
| 68653 | 2010-09-28 | Gnome Subtitles gnome-subtitles LD_LIBRARY_PATH Path Subversion Local Privilege Escalation | (Description Provided by CVE): gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
| 69108 | 2010-10-19 | GNOME Tomboy Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation | GNOME Tomboy contains a path subversion flaw that may allow a local attacker to gain access to unauthorized privileges. The issue is triggered when the '/usr/bin/tomboy' and '/usr/bin/tomboy-panel' scripts fail to properly set the environment variable 'LD_LIBRARY_PATH', allowing a local attacker to gain elevated privileges by tricking a user into running the script in a directory which contains a trojan library. |
| 74324 | 2011-06-08 | GNOME vte Escape Sequence Parsing Remote DoS | Unknown / Incomplete |
| 19459 | 2005-09-16 | GNOME Workstation Command Center (gwcc) gwcc_out.txt Symlink Arbitrary File Overwrite | The vulnerability is caused due to a temporary file being created insecurely. This can be exploited via symlink attacks to create and overwrite arbitrary files with the privileges of the user running the affected script. |
| 20315 | 2005-10-25 | GNOME-DB libgda Logging Function Multiple Format String | (Description Provided by CVE): Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. |
| 4400 | 2003-03-17 | Gnome-Lokkit Firewall FORWARD chain bypass | Gnome-Lokkit Firewall contains a flaw that may allow a remote attacker to bypass the firewall rules. The issue is due to no rules being set for the FORWARD chain. If packet forwarding is enabled, a remote attacker may be able to send specially crafted traffic that bypasses configured rules. |
| 1520 | 2000-07-19 | Gnome-Lokkit Firewall Port Exposure | Gnome-Lokkit Firewall contains a flaw that may allow attackers to access ports believed to be restricted. No further details have been provided. |
| 63689 | 2009-12-08 | Gnome-Look.org waterfall Screensaver Trojaned Distribution | Unknown / Incomplete |
| 67890 | 2006-04-29 | gnome-power-manager Screen Lock Weakness Resume Action Bypass | (Description Provided by CVE): gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. |
| 62576 | 2009-08-31 | gnome-screensaver Extend Screen Option Authentication Bypass | (Description Provided by CVE): gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. |
| 62323 | 2009-07-09 | gnome-screensaver gnome-session D-Bus Interface Screen Locking Bypass | (Description Provided by CVE): gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. |
| 62219 | 2010-02-05 | gnome-screensaver Monitor Topology Change Screen Lock Bypass | (Description Provided by CVE): gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. |
| 62371 | 2010-02-16 | gnome-screensaver Monitor Topology Change Security Bypass Weakness | (Description Provided by CVE): gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. |
| 43986 | 2008-04-03 | gnome-screensaver NIS Authentication Method Screen Lock Bypass | (Description Provided by CVE): gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. |
| 61117 | 2009-12-07 | gnome-screensaver on Ubuntu Linux Idle Timer Re-enable Weakness | (Description Provided by CVE): gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. |
| 8338 | 2004-08-04 | GNOME-VFS extfs Backend Scripts Command Execution | GNOME VFS contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to an error in several GNOME VFS extfs back-end scripts. It is possible that the flaw may allow a remote attacker to perform actions with GNOME VFS user privileges, resulting in a loss of integrity. |
| 60673 | 2000-11-15 | gnomehack Unspecified Local Overflow | Unknown / Incomplete |