1.9

CVE-2010-2387

EPSS 0.09%
Published 21.12.2012 05:46:13
Last modified 11.04.2025 00:51:21
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Gnome Display Manager Version2.20.0

Gnome ≫ Gnome Display Manager Version2.20.1

Gnome ≫ Gnome Display Manager Version2.20.2

Gnome ≫ Gnome Display Manager Version2.20.3

Gnome ≫ Gnome Display Manager Version2.20.4

Gnome ≫ Gnome Display Manager Version2.20.5

Gnome ≫ Gnome Display Manager Version2.20.6

Gnome ≫ Gnome Display Manager Version2.20.7

Gnome ≫ Gnome Display Manager Version2.20.8

Gnome ≫ Gnome Display Manager Version2.20.9

Gnome ≫ Gnome Display Manager Version2.20.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.233

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes

http://secunia.com/advisories/40690

Vendor Advisory

http://secunia.com/advisories/40780

Vendor Advisory

http://www.auscert.org.au/13123

US Government Resource

http://www.osvdb.org/66643

https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

https://bugzilla.gnome.org/show_bug.cgi?id=571846

https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

https://nvd.nist.gov/vuln/detail/CVE-2010-2387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2387

EUVD