Search Results (371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-1539 2 Gnome, Redhat 2 Libsoup, Enterprise Linux 2026-04-16 5.8 Medium
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.
CVE-2026-2443 3 Gnome, Red Hat, Redhat 3 Libsoup, Enterprise Linux, Enterprise Linux 2026-04-16 5.3 Medium
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
CVE-2026-3632 3 Gnome, Libsoup, Redhat 3 Libsoup, Libsoup, Enterprise Linux 2026-04-16 3.9 Low
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
CVE-2000-0491 3 Caldera, Gnome, Suse 3 Openlinux, Gdm, Suse Linux 2026-04-16 N/A
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVE-2005-0891 2 Gnome, Redhat 2 Gtk, Enterprise Linux 2026-04-16 7.5 High
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2005-2550 2 Gnome, Redhat 2 Evolution, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
CVE-1999-0990 1 Gnome 1 Gdm 2026-04-16 N/A
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
CVE-2003-0541 2 Gnome, Redhat 2 Gtkhtml, Linux 2026-04-16 N/A
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
CVE-2005-0372 2 Gnome, Redhat 2 Gtk, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
CVE-2005-2410 1 Gnome 1 Networkmanager 2026-04-16 N/A
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
CVE-2003-0165 2 Gnome, Redhat 2 Eog, Linux 2026-04-16 N/A
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
CVE-2005-0238 4 Gnome, Mozilla, Omnigroup and 1 more 5 Epiphany, Camino, Mozilla and 2 more 2026-04-16 N/A
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2001-0928 1 Gnome 1 Libgtop Daemon 2026-04-16 N/A
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
CVE-2005-0102 3 Debian, Gnome, Redhat 3 Debian Linux, Evolution, Enterprise Linux 2026-04-16 9.8 Critical
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
CVE-2003-0407 1 Gnome 1 Batalla Naval 2026-04-16 N/A
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
CVE-2003-0133 2 Gnome, Redhat 2 Gtkhtml, Linux 2026-04-16 N/A
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
CVE-2006-0820 1 Gnome 1 Dwarf Http Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
CVE-2000-0948 1 Gnome 1 Gnorpm 2026-04-16 N/A
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
CVE-2006-0819 1 Gnome 1 Dwarf Http Server 2026-04-16 N/A
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVE-2004-0788 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2026-04-16 N/A
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.