CVE-2014-1949
https://notcve.org/view.php?id=CVE-2014-1949
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. GTK+ 3.10.9 y anteriores, utilizado en cinnamon-screensaver, gnome-screensaver, y otras aplicaciones, permite a atacantes físicamente próximos evadir la pantalla de bloqueo mediante la activación del botón del menú. • http://advisories.mageia.org/MGASA-2014-0374.html http://seclists.org/oss-sec/2014/q1/327 http://seclists.org/oss-sec/2014/q1/331 http://www.mandriva.com/security/advisories?name=MDVSA-2015:162 http://www.ubuntu.com/usn/USN-2475-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145 https://bugzilla.redhat.com/show_bug.cgi?id=1064695 https://github.com/linuxmint/cinnamon-screensaver/issues/44 • CWE-284: Improper Access Control •
CVE-2010-4833
https://notcve.org/view.php?id=CVE-2010-4833
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. Ruta de búsqueda no segura en modules/engines/ms-windows/xp_theme.c en GTK+ anteriores a v2.24.0 permite a usuarios locales obtener privilegios de administrador a través de un fichero uxtheme.dll (troyanizado) en el directorio de trabajo actual, es una vulnerabilidad distinta a CVE-2010-4831. • http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6 http://secunia.com/advisories/45815 http://www.securityfocus.com/bid/49449 • CWE-426: Untrusted Search Path •
CVE-2010-4831
https://notcve.org/view.php?id=CVE-2010-4831
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. Vulnerabilidad de ruta de búsqueda no segura en gdk/win32/gdkinput-win32.c in GTK+ anteriores a v2.21.8 permite a usuarios locales obtener privilegios de a través de un fichero Wintab32.dll (troyanizado) en el directorio de trabajo actual. • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1 http://jvn.jp/en/jp/JVN58019849/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000072 http://secunia.com/advisories/45815 http://www.securityfocus.com/bid/49449 • CWE-426: Untrusted Search Path •
CVE-2010-0732
https://notcve.org/view.php?id=CVE-2010-0732
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. gdk/gdkwindow.c en GTK+ anterior a v2.18.5, utilizada en gnome-screensaver anterior a v2.28.1, realiza pinturas implícitas en las ventanas de tipo GDK_WINDOW_FOREIGN, lo que lanza un error X en ciertas circunstancias y consecuentemente permite a atacantes próximos físicamente evitar el bloqueo de pantalla y acceder a un ordenador presionando la tecla Enter durante un cierto tiempo • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0 http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://secunia.com/advisories/39317 http://www.heise.de/newsticker/mel • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2007-0010 – GTK2 GDKPixBufLoader - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0010
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. La función GdkPixbufLoader del GIMP ToolKit (GTK+) en el GTK 2 (gtk2) en versiones anteriores a la 2.4.13 atacantes dependiendo del contexto provocar una denegación de servicio (caída) a través de un fichero de imagen mal formado. • https://www.exploit-db.com/exploits/29520 http://osvdb.org/31621 http://secunia.com/advisories/23884 http://secunia.com/advisories/23933 http://secunia.com/advisories/23935 http://secunia.com/advisories/23984 http://secunia.com/advisories/24006 http://secunia.com/advisories/24010 http://secunia.com/advisories/24095 http://securitytracker.com/id?1017552 http://www.mandriva.com/security/advisories?name=MDKSA-2007:039 http://www.novell.com/linux/security/advisories/2007_02_s •