CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 1CVE-2010-2713 – Gentoo Linux Security Advisory 201412-10
https://notcve.org/view.php?id=CVE-2010-2713
05 Aug 2010 — The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. La función vte_sequence_handler_window_manipulation en vteseq.c en libvte (conocido como libvte9) de VTE v0... • http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91 •
CVSS: 4.6EPSS: 0%CPEs: 226EXPL: 0CVE-2009-1276
https://notcve.org/view.php?id=CVE-2009-1276
09 Apr 2009 — XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. XScreenSaver en Sun Solaris v10 and OpenSolaris anteriores a snv_109, y Solaris v8 y v9 con GNOME v2.0 o v2.0.2, permite a atacantes próximos físicamente conseguir información sensible, leyendo las ven... • http://securitytracker.com/id?1022009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 12%CPEs: 3EXPL: 4CVE-2008-3533 – Yelp 2.23.1 - Invalid URI Format String
https://notcve.org/view.php?id=CVE-2008-3533
18 Aug 2008 — Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. Vulnerabilidad de cadena de formato en la función window_error de yelp-window.c en yelp de Gnome después de 2.19.90 y antes de 2.24 permite a atac... • https://www.exploit-db.com/exploits/32248 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2007-5337
https://notcve.org/view.php?id=CVE-2007-5337
21 Oct 2007 — Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. El Mozilla Firefox anterior al 2.0.0.8 y el SeaMonkey anterior al 1.1.5, cuando corren bajo sistemas Linux con el soporte gnome-vfs, puede... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0080
https://notcve.org/view.php?id=CVE-2003-0080
18 Mar 2003 — The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. • http://www.osvdb.org/4400 •
CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 0CVE-2003-0070
https://notcve.org/view.php?id=CVE-2003-0070
03 Mar 2003 — VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. El emulador de terminal gnome-terminal permite a atacantes modificar el título de la ventana mediante cierta secuencia de carác... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-1999-1477 – Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-1999-1477
23 Sep 1999 — Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack. • https://www.exploit-db.com/exploits/19512 •