Product
gnome glib
156 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2708
all versions
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() functi
3.7
LOW
CVE-2026-5201
all versions
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to i
7.5
HIGH
CVE-2026-5119
all versions
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transm
5.9
MEDIUM
CVE-2026-2436
all versions
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_di
6.5
MEDIUM
CVE-2026-2369
all versions
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leadin
6.5
MEDIUM
CVE-2026-4271
all versions
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HT
5.3
MEDIUM
CVE-2026-3634
all versions
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Li
3.9
LOW
CVE-2026-3633
all versions
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could in
3.9
LOW
CVE-2026-3632
all versions
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup do
3.9
LOW
CVE-2026-3099
all versions
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not prope
5.8
MEDIUM
CVE-2026-2443
all versions
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range
5.3
MEDIUM
CVE-2026-1801
all versions
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-complian
5.3
MEDIUM
CVE-2026-1539
all versions
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations
5.8
MEDIUM
CVE-2026-1536
all versions
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Re
5.8
MEDIUM
CVE-2026-1467
all versions
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occu
5.8
MEDIUM
CVE-2025-14512
< 2.86.3
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in
6.5
MEDIUM
CVE-2025-14087
< 2.86.3
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of
5.6
MEDIUM
CVE-2025-13601
< 2.86.3
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string(
7.7
HIGH
CVE-2025-4056
< 2.84.1
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using l
7.5
HIGH
CVE-2025-6052
>= 2.75.3 and <= 2.84.3
A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining
3.7
LOW
CVE-2025-2784
< 3.6.5
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_white
7.0
HIGH
CVE-2024-52533
< 2.82.1
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN
9.8
CRITICAL
CVE-2024-52532
< 3.6.1
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data
7.5
HIGH
CVE-2024-52531
< 3.6.1
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_li
6.5
MEDIUM
CVE-2024-52530
< 3.6.0
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names
7.5
HIGH
CVE-2024-34397
< 2.78.5
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to
5.2
MEDIUM
CVE-2023-32665
< 2.74.4
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause
5.5
MEDIUM
CVE-2023-32643
< 2.75.1
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-
5.3
MEDIUM
CVE-2023-32636
< 2.74.4
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional in
4.7
MEDIUM
CVE-2023-32611
< 2.74.2
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive
5.5
MEDIUM
CVE-2023-29499
< 2.74.4
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to de
5.5
MEDIUM
CVE-2023-26081
< 43.1
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occu
7.5
HIGH
CVE-2021-3800
< 2.62.5
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privilege
5.5
MEDIUM
CVE-2021-46829
< 2.42.8
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF file
7.8
HIGH
CVE-2022-29536
< 41.4
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten
7.5
HIGH
CVE-2021-45088
< 40.4
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
6.1
MEDIUM
CVE-2021-45087
< 40.4
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demons
6.1
MEDIUM
CVE-2021-45086
< 40.4
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pd
6.1
MEDIUM
CVE-2021-45085
< 40.4
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overv
6.1
MEDIUM
CVE-2021-39361
<= 0.3.96
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects
5.9
MEDIUM
CVE-2021-20240
< 2.39.2
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a
8.8
HIGH
CVE-2009-3721
all versions
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is
7.8
HIGH
CVE-2021-20297
< 1.30.0
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager.
5.5
MEDIUM
CVE-2021-28153
< 2.66.8
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to repla
5.3
MEDIUM
CVE-2021-27219
< 2.66.6
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on
7.5
HIGH
CVE-2021-27218
< 2.66.7
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer
7.5
HIGH
CVE-2021-3349
<= 3.38.3
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because
3.3
LOW
CVE-2020-29385
> 2.39.2 and < 2.42.2
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
5.5
MEDIUM
CVE-2020-35457
< 2.65.3
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE:
7.8
HIGH
CVE-2020-16117
< 3.35.91
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sen
5.9
MEDIUM
CVE-2020-14928
<= 3.36.3
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin
5.9
MEDIUM
CVE-2020-10754
< 1.22.14
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settin
4.3
MEDIUM
CVE-2020-13645
< 2.62.4
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TL
6.5
MEDIUM
CVE-2020-11879
< 3.35.91
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a
6.5
MEDIUM
CVE-2012-1096
<= 0.9.0
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via th
5.5
MEDIUM
CVE-2012-0828
all versions
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers
9.8
CRITICAL
CVE-2013-4166
<= 3.8.4
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9
7.5
HIGH
CVE-2006-7246
>= 0.9.0 and <= 0.9.9.98
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
6.8
MEDIUM
CVE-2020-6750
>= 2.60.0 and <= 2.62.4
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy
5.9
MEDIUM
CVE-2012-2736
all versions
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecu
4.4
MEDIUM
CVE-2011-3355
>= 3.0.3 and <= 3.2.1
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into th
7.3
HIGH
CVE-2011-2897
<= 2.31.1
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
9.8
CRITICAL
CVE-2019-17266
>= 2.65.1 and < 2.66.4
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm
9.8
CRITICAL
CVE-2019-3890
< 3.31.3
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw t
8.1
HIGH
CVE-2019-13012
>= 2.0.0 and < 2.59.1
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parent
7.5
HIGH
CVE-2019-12450
>= 2.15.0 and <= 2.61.1
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy ope
9.8
CRITICAL
CVE-2019-9633
all versions
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-at
6.5
MEDIUM
CVE-2017-12447
all versions
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial
7.8
HIGH
CVE-2018-15587
<= 3.28.2
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email
6.5
MEDIUM
CVE-2019-6251
<= 3.31.4
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An a
8.1
HIGH
CVE-2018-16429
all versions
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
7.5
HIGH
CVE-2018-16428
all versions
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
9.8
CRITICAL
CVE-2016-10727
< 3.21.2
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with clear
9.8
CRITICAL
CVE-2018-12910
all versions
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
9.8
CRITICAL
CVE-2018-12422
<= 3.29.2
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers t
9.8
CRITICAL
CVE-2018-12016
<= 3.28.2.1
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application cras
7.5
HIGH
CVE-2018-11713
< 2.62.0
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior
6.5
MEDIUM
CVE-2018-11396
<= 3.28.2.1
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service
7.5
HIGH
CVE-2017-17689
all versions
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exf
5.9
MEDIUM
CVE-2017-2885
all versions
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can ca
9.8
CRITICAL
CVE-2018-1000135
<= 1.10.2
GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure (CWE-200) vulnerability in DNS resolver that can r
7.5
HIGH
CVE-2017-1000422
<= 2.36.8
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corrup
8.8
HIGH
CVE-2017-2870
all versions
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
7.8
HIGH
CVE-2017-2862
all versions
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.
7.8
HIGH
CVE-2017-1000044
all versions
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corrupti
9.8
CRITICAL
CVE-2017-1000025
all versions
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulne
7.5
HIGH
CVE-2017-6314
< 2.36.12
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (i
5.5
MEDIUM
CVE-2017-6313
< 2.36.12
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial o
7.1
HIGH
CVE-2017-6312
< 2.36.12
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and
5.5
MEDIUM
CVE-2017-6311
< 2.36.8
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference a
7.5
HIGH
CVE-2017-5885
<= 0.6.0
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 al
9.8
CRITICAL
CVE-2017-5884
<= 0.6.0
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute a
7.8
HIGH
CVE-2016-6352
<= 2.35.2
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds
7.5
HIGH
CVE-2015-8875
<= 2.33
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functio
7.8
HIGH
CVE-2015-0272
< 1.2.0
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an
CVE-2015-7674
<= 2.32.0
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to ca
CVE-2015-7673
<= 2.31.4
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial
CVE-2015-4491
<= 2.31.4
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox befo
CVE-2014-1949
<= 3.10.9
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate a
CVE-2011-3201
<= 3.0.3
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailt
CVE-2012-2132
all versions
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allow
CVE-2012-2370
<= 2.26.0
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to
CVE-2011-2485
<= 2.23.3
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return
CVE-2012-0039
<= 2.31.8
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger has
7.5
HIGH
CVE-2010-4833
< 2.24.0
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain priv
CVE-2010-4831
< 2.21.8
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via
CVE-2011-2176
<= 0.8.4
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypas
CVE-2011-2524
<= 2.35.3
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary f
CVE-2011-1943
< 0.8.9997
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15
CVE-2011-1709
all versions
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm acco
CVE-2011-0727
all versions
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack o
CVE-2010-3312
all versions
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with t
CVE-2010-0732
< 2.18.5
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK
CVE-2009-4145
all versions
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI,
CVE-2009-4144
all versions
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterpri
CVE-2009-3289
all versions
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo
7.8
HIGH
CVE-2009-2697
<= 2.16
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapp
CVE-2009-1631
<= 2.26.1
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain dir
CVE-2009-0582
<= 2.24.5
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server
CVE-2008-4316
<= 2.16.4
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a
CVE-2008-5985
all versions
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to
CVE-2008-1109
all versions
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPT
CVE-2008-1108
all versions
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code
CVE-2008-0072
<= 2.12.3
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows rem
CVE-2007-3381
<= 2.14.12
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5
CVE-2007-3257
all versions
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary
CVE-2007-1266
<= 2.8.1
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visu
CVE-2007-0010
< 2.4.13
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a de
CVE-2006-6105
all versions
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users t
CVE-2006-2452
all versions
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login
CVE-2006-2789
all versions
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to
CVE-2006-1057
all versions
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs
CVE-2006-0040
all versions
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e
CVE-2006-0528
all versions
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of
CVE-2005-2976
< 2.8.7
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or ex
CVE-2005-2975
< 2.8.7
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinit
CVE-2005-2550
all versions
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and poss
CVE-2005-2549
all versions
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash
CVE-2005-2410
< 0.4.1
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary cod
CVE-2005-0891
>= 2.0.0 and < 2.2.4
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted
7.5
HIGH
CVE-2005-0372
< 2.0.18
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .
CVE-2005-0238
all versions
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domai
CVE-2005-0102
<= 2.0.2
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut
9.8
CRITICAL
CVE-2004-0788
>= 2.0.0 and < 2.2.4
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to caus
CVE-2004-0783
all versions
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pi
CVE-2004-0782
all versions
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf b
CVE-2004-0753
>= 2.0.0 and < 2.2.4
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of serv
CVE-2003-0794
all versions
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking sock
CVE-2003-0793
all versions
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a den
CVE-2003-0549
all versions
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemo
CVE-2003-0548
all versions
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemo
CVE-2003-0547
all versions
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink atta
CVE-2001-0084
all versions
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local u
CVE-2000-0504
all versions
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked b
CVE-2000-0491
all versions
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or
CVE-1999-0990
all versions
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin