Gnome

Gdm

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2011-1709

  • EPSS 0.06%
  • Published 14.06.2011 17:55:03
  • Last modified 11.04.2025 00:51:21

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

6.9

CVE-2011-0727

  • EPSS 0.04%
  • Published 31.03.2011 22:55:02
  • Last modified 11.04.2025 00:51:21

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

6.8

CVE-2009-2697

  • EPSS 0.2%
  • Published 04.09.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different...

1.5

CVE-2007-3381

  • EPSS 0.08%
  • Published 07.08.2007 10:17:00
  • Last modified 09.04.2025 00:30:58

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of...

4.3

CVE-2006-6105

  • EPSS 0.08%
  • Published 15.12.2006 02:28:00
  • Last modified 09.04.2025 00:30:58

Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.

3.7

CVE-2006-2452

  • EPSS 0.1%
  • Published 09.06.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional...

3.7

CVE-2006-1057

  • EPSS 0.06%
  • Published 25.04.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

2.1

CVE-2003-0793

  • EPSS 0.07%
  • Published 17.11.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).

2.1

CVE-2003-0794

  • EPSS 0.08%
  • Published 17.11.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not rea...

2.1

CVE-2003-0547

  • EPSS 0.11%
  • Published 27.08.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.