CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 3CVE-2006-7246
https://notcve.org/view.php?id=CVE-2006-7246
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticación 802.11X. • http://www.openwall.com/lists/oss-security/2010/04/22/2 https://bugzilla.gnome.org/show_bug.cgi?id=341323 https://bugzilla.novell.com/show_bug.cgi?id=574266 https://lwn.net/Articles/468868 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6750
https://notcve.org/view.php?id=CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. GSocketClient en GNOME GLib versiones hasta 2.62.4, ocasionalmente puede conectarse directamente a una dirección de destino en lugar de conectarse por medio de un servidor proxy cuando se configuró para hacerlo, porque el campo proxy_addr es manejado inapropiadamente. • https://bugzilla.suse.com/show_bug.cgi?id=1160668 https://gitlab.gnome.org/GNOME/glib/issues/1989 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ https://security.netapp.com/advisory/ntap-20200127-0001 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2012-6111
https://notcve.org/view.php?id=CVE-2012-6111
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function gnome-keyring no descarta los secretos almacenados cuando se usa la función gnome_keyring_lock_all_sync. • http://www.openwall.com/lists/oss-security/2013/01/17/4 https://access.redhat.com/security/cve/cve-2012-6111 https://bugzilla.gnome.org/show_bug.cgi?id=690466 https://security-tracker.debian.org/tracker/CVE-2012-6111 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4245
https://notcve.org/view.php?id=CVE-2013-4245
Orca has arbitrary code execution due to insecure Python module load Orca presenta una ejecución de código arbitrario debido a una carga no segura del módulo Python. • https://access.redhat.com/security/cve/cve-2013-4245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245 https://security-tracker.debian.org/tracker/CVE-2013-4245 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19451
https://notcve.org/view.php?id=CVE-2019-19451
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. Cuando GNOME Dia antes del 27-11-2019 es iniciado con un argumento de nombre de archivo que no es una posición de código válida en la codificación actual, ingresa en un bucle sin fin, por lo que escribe texto de forma indefinida en stdout. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html https://gitlab.gnome.org/GNOME/dia/issues/428 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •