Gnome Display Manager
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7496 | 0.00 | — | 0.00 | Nov 24, 2015 | GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. | |||
| CVE-2013-7273 | 0.00 | — | 0.00 | Apr 29, 2014 | GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | |||
| CVE-2013-4169 | 0.00 | — | 0.00 | Sep 10, 2013 | GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | |||
| CVE-2010-2387 | 0.00 | — | 0.01 | Dec 21, 2012 | vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | |||
| CVE-2011-1709 | 0.00 | — | 0.00 | Jun 14, 2011 | GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||
| CVE-2011-0727 | 0.00 | — | 0.00 | Mar 31, 2011 | GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||
| CVE-2006-6105 | 0.00 | — | 0.00 | Dec 15, 2006 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. |
- CVE-2015-7496Nov 24, 2015risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
- CVE-2013-7273Apr 29, 2014risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
- CVE-2013-4169Sep 10, 2013risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
- CVE-2010-2387Dec 21, 2012risk 0.00cvss —epss 0.01
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
- CVE-2011-1709Jun 14, 2011risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
- CVE-2011-0727Mar 31, 2011risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
- CVE-2006-6105Dec 15, 2006risk 0.00cvss —epss 0.00
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.