
CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Jan 2015 — GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An a... • http://advisories.mageia.org/MGASA-2014-0374.html • CWE-284: Improper Access Control

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Sep 2011 — Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes • CWE-426: Untrusted Search Path

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Sep 2011 — Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. • http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6 • CWE-426: Untrusted Search Path

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Mar 2010 — gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jan 2007 — The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. • https://www.exploit-db.com/exploits/29520

CVSS: 7.8 • EPSS: 11% • CPEs: 2 • EXPL: 0

18 Nov 2005 — io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. • http://secunia.com/advisories/17522 • CWE-399: Resource Management Errors

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

18 Nov 2005 — Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. • http://secunia.com/advisories/17522 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 0

01 Apr 2005 — Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000958 • CWE-415: Double Free

CVSS: 7.5 • EPSS: 4% • CPEs: 1 • EXPL: 0

17 Feb 2005 — Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000957 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 30% • CPEs: 9 • EXPL: 0

17 Sep 2004 — Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875