Gnome

Gnome Display Manager

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2020-27837

  • EPSS 0.06%
  • Veröffentlicht 28.12.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:54

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is sim...

6.8

CVE-2020-16125

Exploit
  • EPSS 15.55%
  • Veröffentlicht 10.11.2020 05:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:48

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could a...

2.4

CVE-2016-1000002

Exploit
  • EPSS 0.16%
  • Veröffentlicht 05.11.2019 14:15:13
  • Zuletzt bearbeitet 21.11.2024 02:42:49

gdm3 3.14.2 and possibly later has an information leak before screen lock

6.9

CVE-2019-3825

Exploit
  • EPSS 0.08%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to...

7.8

CVE-2018-14424

  • EPSS 0.07%
  • Veröffentlicht 14.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:01

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting ...

6.9

CVE-2017-12164

  • EPSS 0.12%
  • Veröffentlicht 26.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:08:57

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

7.2

CVE-2015-7496

  • EPSS 0.08%
  • Veröffentlicht 24.11.2015 20:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

2.1

CVE-2013-7273

  • EPSS 0.07%
  • Veröffentlicht 29.04.2014 14:38:49
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.

6.9

CVE-2013-4169

  • EPSS 0.03%
  • Veröffentlicht 10.09.2013 19:55:11
  • Zuletzt bearbeitet 11.04.2025 00:51:21

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

1.9

CVE-2010-2387

  • EPSS 0.09%
  • Veröffentlicht 21.12.2012 05:46:13
  • Zuletzt bearbeitet 11.04.2025 00:51:21

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the inf...