Vulnerabilities related to gnome - gnome_display_manager
CVE-2013-4169 (GCVE-0-2013-4169)
Vulnerability from cvelistv5
Published
2013-09-10 19:00
Modified
2024-09-16 19:04
CWE
- n/a
Summary
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:00.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" }, { "name": "54661", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54661" }, { "name": "RHSA-2013:1213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-10T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" }, { "name": "54661", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54661" }, { "name": "RHSA-2013:1213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" }, { "name": "54661", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54661" }, { "name": "RHSA-2013:1213", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4169", "datePublished": "2013-09-10T19:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-16T19:04:55.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7273 (GCVE-0-2013-7273)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
CWE
- n/a
Summary
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" }, { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-04-29T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" }, { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" }, { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=704284", "refsource": "MISC", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" }, { "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7273", "datePublished": "2014-04-29T14:00:00", "dateReserved": "2014-01-07T00:00:00", "dateUpdated": "2024-08-06T18:01:20.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from cvelistv5
Published
2018-07-26 16:00
Modified
2024-08-05 18:28
Severity
- 4.1 MEDIUM (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CWE
- CWE-592
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gdm", "vendor": "GNOME", "versions": [ { "status": "affected", "version": "3.24.1" } ] } ], "datePublic": "2017-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-592", "description": "CWE-592", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-26T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12164", "datePublished": "2018-07-26T16:00:00", "dateReserved": 
"2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7496 (GCVE-0-2015-7496)
Vulnerability from cvelistv5
Published
2015-11-24 20:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-271025c598", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html" }, { "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10" }, { "name": "RHSA-2017:2128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2128" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032" }, { "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-271025c598", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html" }, { "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10" }, { "name": "RHSA-2017:2128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2128" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032" }, { "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2015-271025c598", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html" }, { "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10" }, { "name": "RHSA-2017:2128", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2128" }, { "name": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news", "refsource": "CONFIRM", "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news" }, { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=758032", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032" }, { "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7496", "datePublished": "2015-11-24T20:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14424 (GCVE-0-2018-14424)
Vulnerability from cvelistv5
Published
2018-08-14 16:00
Modified
2024-08-05 09:29
CWE
- n/a
Summary
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:51.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401" }, { "name": "USN-3737-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3737-1/" }, { "name": "DSA-4270", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4270" }, { "name": "105179", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105179" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401" }, { "name": "USN-3737-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3737-1/" }, { "name": "DSA-4270", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4270" }, { "name": "105179", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105179" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14424", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html" }, { "name": "https://gitlab.gnome.org/GNOME/gdm/issues/401", "refsource": "CONFIRM", "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401" }, { "name": "USN-3737-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3737-1/" }, { "name": "DSA-4270", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4270" }, { "name": "105179", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105179" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14424", "datePublished": "2018-08-14T16:00:00", "dateReserved": "2018-07-19T00:00:00", "dateUpdated": "2024-08-05T09:29:51.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-27837 (GCVE-0-2020-27837)
Vulnerability from cvelistv5
Published
2020-12-28 18:34
Modified
2024-08-04 16:25
CWE
- CWE-362
Summary
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:25:43.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gdm", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to 3.38.2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-28T18:34:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gdm", "version": { "version_data": [ { "version_value": "prior to 3.38.2.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. 
This is similar to CVE-2017-12164, but requires more difficult conditions to exploit." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-362" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27837", "datePublished": "2020-12-28T18:34:04", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:43.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3825 (GCVE-0-2019-3825)
Vulnerability from cvelistv5
Published
2019-02-06 20:00
Modified
2024-08-04 19:19
Severity
- 6.3 MEDIUM (CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CWE
- CWE-287
Summary
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
References
Impacted products
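Vendor | Product | Version
---|---|---
The Gnome Projectr | gdm | 3.31.4

Note: the record lists 3.31.4 itself as the affected version, while its summary describes the flaw as affecting gdm before 3.31.4; treat releases earlier than 3.31.4 as affected.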
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3892-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gdm", "vendor": "The Gnome Projectr", "versions": [ { "status": "affected", "version": "3.31.4" } ] } ], "datePublic": "2019-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-21T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3892-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3825", "STATE": 
"PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gdm", "version": { "version_data": [ { "version_value": "3.31.4" } ] } } ] }, "vendor_name": "The Gnome Projectr" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session." } ] }, "impact": { "cvss": [ [ { "vectorString": "6.3/CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3892-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3892-1/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3825", "datePublished": "2019-02-06T20:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2387 (GCVE-0-2010-2387)
Vulnerability from cvelistv5
Published
2012-12-21 02:00
Modified
2024-08-07 02:32
CWE
- n/a
Summary
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:32:16.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846" }, { "name": "ASB-2010.0184", "tags": [ "third-party-advisory", "x_refsource_AUSCERT", "x_transferred" ], "url": "http://www.auscert.org.au/13123" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" }, { "name": "40690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" }, { "name": "solaris-gdm-information-disclosure(60642)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" }, { "name": "40780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40780" }, { "name": "66643", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/66643" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846" }, { "name": "ASB-2010.0184", "tags": [ "third-party-advisory", "x_refsource_AUSCERT" ], "url": "http://www.auscert.org.au/13123" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" }, { "name": "40690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" }, { "name": "solaris-gdm-information-disclosure(60642)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" }, { "name": "40780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40780" }, { "name": "66643", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/66643" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-2387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846" }, { "name": "ASB-2010.0184", "refsource": "AUSCERT", "url": "http://www.auscert.org.au/13123" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" }, { "name": "40690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40690" }, { "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes", "refsource": "CONFIRM", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" }, { "name": "solaris-gdm-information-disclosure(60642)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" }, { "name": "40780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40780" }, { "name": "66643", "refsource": "OSVDB", "url": "http://www.osvdb.org/66643" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2010-2387", "datePublished": "2012-12-21T02:00:00", "dateReserved": "2010-06-21T00:00:00", "dateUpdated": "2024-08-07T02:32:16.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16125 (GCVE-0-2020-16125)
Vulnerability from cvelistv5
Published
2020-11-10 04:20
Modified
2024-09-17 03:59
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
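gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account. (Note: the affected-version data in the record below lists 3.36 releases before 3.36.4 and 3.38 releases before 3.38.2, so check the installed version against both statements.)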
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GDM3", "vendor": "Gnome", "versions": [ { "lessThan": "3.36.4", "status": "affected", "version": "3.36", "versionType": "custom" }, { "lessThan": "3.38.2", "status": "affected", "version": "3.38", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kevin Backhouse" } ], "datePublic": "2020-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-10T04:20:13", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" }, { "tags": [ "x_refsource_MISC" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon" } ], "source": { "advisory": "https://ubuntu.com/security/notices/USN-4614-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" ], "discovery": "EXTERNAL" }, "title": "gdm3 would start gnome-initial-setup if it cannot contact accountservice", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-11-06T00:00:00.000Z", "ID": "CVE-2020-16125", "STATE": "PUBLIC", "TITLE": "gdm3 would start gnome-initial-setup if it cannot contact accountservice" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GDM3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.36", "version_value": "3.36.4" }, { "version_affected": "\u003c", "version_name": "3.38", "version_value": "3.38.2" } ] } } ] }, "vendor_name": "Gnome" } ] } }, "credit": [ { "lang": "eng", 
"value": "Kevin Backhouse" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" }, { "name": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon", "refsource": "MISC", "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon" } ] }, "source": { "advisory": "https://ubuntu.com/security/notices/USN-4614-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-16125", "datePublished": 
"2020-11-10T04:20:13.785444Z", "dateReserved": "2020-07-29T00:00:00", "dateUpdated": "2024-09-17T03:59:24.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1000002 (GCVE-0-2016-1000002)
Vulnerability from cvelistv5
Published
2019-11-05 13:08
Modified
2024-08-06 03:47
CWE
- n/a
Summary
gdm3 3.14.2 and possibly later has an information leak before screen lock
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:47:34.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-05T13:08:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json", "refsource": "MISC", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000002", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000002", "datePublished": "2019-11-05T13:08:36", "dateReserved": "2016-06-02T00:00:00", "dateUpdated": "2024-08-06T03:47:34.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2018-08-14 18:29
Modified
2024-11-21 03:49
Summary
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/105179 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://gitlab.gnome.org/GNOME/gdm/issues/401 | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html | Mailing List | |
cve@mitre.org | https://usn.ubuntu.com/3737-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4270 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105179 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gdm/issues/401 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3737-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4270 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "223C2173-16DB-49AE-96C0-22C50634255E", "versionEndIncluding": "3.29.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution." }, { "lang": "es", "value": "El demonio en GDM hasta la versi\u00f3n 3.29.1 no desexporta correctamente objetos display desde su interfaz D-Bus cuando se destruyen. Esto permite que un atacante local desencadene un uso de memoria previamente liberada mediante una secuencia especialmente manipulada de llamadas del m\u00e9todo D-Bus, lo que resulta en una denegaci\u00f3n de servicio (DoS) o en la potencial ejecuci\u00f3n de c\u00f3digo." 
} ], "id": "CVE-2018-14424", "lastModified": "2024-11-21T03:49:01.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-14T18:29:00.493", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105179" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3737-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105179" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3737-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4270" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-24 20:59
Modified
2025-04-12 10:46
Summary
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 23 | |
gnome | gnome_display_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5345E71-46CD-4EA8-BEB9-7C586B19A395", "versionEndIncluding": "3.18.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key." }, { "lang": "es", "value": "GNOME Display Manager (gdm) en versiones anteriores a 3.18.2 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la pantalla de bloqueo manteniendo pulsada la tecla Escape." } ], "id": "CVE-2015-7496", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-24T20:59:06.483", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8" }, { "source": "secalert@redhat.com", "url": 
"https://access.redhat.com/errata/RHSA-2017:2128" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-21 05:46
Modified
2025-04-11 00:51
Summary
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | 2.20.0 | |
gnome | gnome_display_manager | 2.20.1 | |
gnome | gnome_display_manager | 2.20.2 | |
gnome | gnome_display_manager | 2.20.3 | |
gnome | gnome_display_manager | 2.20.4 | |
gnome | gnome_display_manager | 2.20.5 | |
gnome | gnome_display_manager | 2.20.6 | |
gnome | gnome_display_manager | 2.20.7 | |
gnome | gnome_display_manager | 2.20.8 | |
gnome | gnome_display_manager | 2.20.9 | |
gnome | gnome_display_manager | 2.20.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8C72BE3-BDD4-4A88-8E2A-7C8224B02F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "706CCECA-D2FC-40E6-B587-B6E3DD62075D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "8DA2D465-D13D-4871-A15F-BD54C602867D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0C53894-4DA5-425F-9DEB-C0371B206FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "06EB6BB7-9C4E-4D6B-8ED1-3588E290ADEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "409CA831-8DD2-4ED0-9E46-E6EACA01D818", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "D80F8AA1-0DBA-4B4A-8003-0977632EB92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "67E978B3-1614-4591-B58E-9BA781AE0BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "C5535C17-2D38-49EC-8D44-F99F0B2BEB5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*", "matchCriteriaId": "FE4EA4E1-3B52-4DD1-930D-8E88A2494D22", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "943E0B71-8FC7-46FB-BA5D-E3A2FD78636F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs 
the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs." }, { "lang": "es", "value": "vicious-extensions/ve-misc.c en GNOME Display Manager (GDM) v2.20.x antes de v2.20.11, cuando la depuraci\u00f3n GDM est\u00e1 habilitada, registra la contrase\u00f1a de usuario cuando contiene caracteres no v\u00e1lidos UTF8 codificados, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la lectura de la informaci\u00f3n de los registros de syslog." } ], "id": "CVE-2010-2387", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-21T05:46:13.853", "references": [ { "source": "secalert_us@oracle.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40690" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40780" }, { "source": "secalert_us@oracle.com", "tags": [ "US Government Resource" ], "url": "http://www.auscert.org.au/13123" }, { "source": "secalert_us@oracle.com", "url": "http://www.osvdb.org/66643" }, { "source": "secalert_us@oracle.com", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" }, { "source": "secalert_us@oracle.com", "url": 
"https://bugzilla.gnome.org/show_bug.cgi?id=571846" }, { "source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.auscert.org.au/13123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/66643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-10 19:55
Modified
2025-04-11 00:51
Summary
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBC23F87-6F53-4EF3-B981-FCD612CBE426", "versionEndIncluding": "2.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0D287796-C4D6-40D0-9ED8-E9B3EFC1CEAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D676F09-CB94-4CC8-9326-8607ED6A88FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "73B19CDB-97D4-46C2-B615-0A95BD58538F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A4ABCBE-F45A-438B-BE48-700540806528", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "9E9E9130-3342-44E5-A5BE-F167B7188218", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9558A75E-A157-4E9F-BE7A-CE362D8E93BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBE3DE7-0C4E-4B87-9C02-FBD3955883E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "F4C799CC-3D88-435F-86BF-8BC5958196AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7D0B9EF-B3C1-4D8B-9D3A-83EE6C8C539A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "81FC449F-005F-4E90-904F-3B899C1495B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "5C6FC127-1087-47C8-954C-3A02B24F9EF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnome:gnome_display_manager:2.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "03EF56BA-8DE7-484D-ABFB-DCBC5358FA72", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "2219648D-2B41-45CC-887B-0E342F5E3500", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "FEB4077A-4C1F-44CD-8A05-194F6D45032A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.9:*:*:*:*:*:*:*", "matchCriteriaId": "351ABE89-C0B8-4427-853C-1407F8708736", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.10:*:*:*:*:*:*:*", "matchCriteriaId": "DDF5593E-4F9A-4A67-B4D5-7A8DE19F0E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.11:*:*:*:*:*:*:*", "matchCriteriaId": "C4AD1FDB-19F1-46B2-82CF-E5B484C39DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.14.12:*:*:*:*:*:*:*", "matchCriteriaId": "9CD79F95-9F73-444A-96E5-C0ADDD1D6BFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "1D4D4507-237D-433E-8A4F-AE1F2058708B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "7725A058-2A84-4D7B-B910-660C16441FBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B79A55A-ACFD-4F3C-8E88-1BE569FD80CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F5232B5-728D-44BE-AAA5-151E994BE11F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "EB7A9E40-AABC-4B1B-A1D1-6334F49F8867", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "F97B6ACF-DA58-4660-BC0A-A6C0D9F98633", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D380C4D-5345-4B28-81A1-F8528CB41771", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B50EC69-19E4-4AF9-8AA6-538F1A978FEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "F835130F-4D7E-444D-AFE3-8B4B87372096", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "C4097FC3-4546-451C-8269-15E9BE539A2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA6357F2-BCDF-49FD-83BA-16E3AE833896", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "61615ECC-C7A1-43B1-9B41-F1C4601EB312", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "15B8F7CA-D526-4171-A1F5-3CDC99037B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2E94D92-8B07-4DFC-B324-5BB19407D29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8C72BE3-BDD4-4A88-8E2A-7C8224B02F76", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "706CCECA-D2FC-40E6-B587-B6E3DD62075D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "8DA2D465-D13D-4871-A15F-BD54C602867D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0C53894-4DA5-425F-9DEB-C0371B206FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"06EB6BB7-9C4E-4D6B-8ED1-3588E290ADEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "409CA831-8DD2-4ED0-9E46-E6EACA01D818", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "D80F8AA1-0DBA-4B4A-8003-0977632EB92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "67E978B3-1614-4591-B58E-9BA781AE0BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "C5535C17-2D38-49EC-8D44-F99F0B2BEB5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*", "matchCriteriaId": "FE4EA4E1-3B52-4DD1-930D-8E88A2494D22", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "943E0B71-8FC7-46FB-BA5D-E3A2FD78636F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/." }, { "lang": "es", "value": "GNOME Display Manager (gdm) anteriores a 2.21.1 permiten a usuarios locales cambiar permisos de directorios arbitrarios a trav\u00e9s de un ataque de enlaces simb\u00f3licos sobre /tmp/.X11-unix/." 
} ], "id": "CVE-2013-4169", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-10T19:55:11.207", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54661" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-26 16:29
Modified
2024-11-21 03:08
Severity ?
4.1 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | 3.24.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8E8A3E9-3626-4EC8-8EB6-54BBDEF504D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen." }, { "lang": "es", "value": "Se ha descubierto una vulnerabilidad en gdm 3.24.1, en donde gdm greeter no establec\u00eda el valor booleano ran_once durante el inicio autom\u00e1tico de sesi\u00f3n. Si el inicio de sesi\u00f3n autom\u00e1tico estaba habilitado para una v\u00edctima, un atacante podr\u00eda simplemente seleccionar \"login as another user\" para desbloquear su pantalla." } ], "id": "CVE-2017-12164", "lastModified": "2024-11-21T03:08:57.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, 
"exploitabilityScore": 0.7, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-26T16:29:00.327", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-592" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (inability to log in) by pressing the cancel button after entering a user name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | * | |
gnome | gnome_display_manager | 3.0.0 | |
gnome | gnome_display_manager | 3.0.2 | |
gnome | gnome_display_manager | 3.0.3 | |
gnome | gnome_display_manager | 3.0.4 | |
gnome | gnome_display_manager | 3.1.2 | |
gnome | gnome_display_manager | 3.1.90 | |
gnome | gnome_display_manager | 3.1.91 | |
gnome | gnome_display_manager | 3.1.92 | |
gnome | gnome_display_manager | 3.2.0 | |
gnome | gnome_display_manager | 3.2.1 | |
gnome | gnome_display_manager | 3.2.1.1 | |
gnome | gnome_display_manager | 3.3.92 | |
gnome | gnome_display_manager | 3.3.92.1 | |
gnome | gnome_display_manager | 3.4.0 | |
gnome | gnome_display_manager | 3.4.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A03CEC5C-0531-471B-BBC5-875594C023E0", "versionEndIncluding": "3.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A924803A-0B83-4B1B-ABDC-A70DA177083E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C1363D67-26B1-4953-9057-6791BB10EBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEBD92F2-8DD0-401A-A767-DF86AFEFA503", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D1E0F9CF-17D7-48D5-A424-1083ED2955F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D23E1E2B-7F86-4F73-B173-A65C564EFFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.1.90:*:*:*:*:*:*:*", "matchCriteriaId": "BC8CD7CA-3AE2-4150-A69A-E92CC9A45F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.1.91:*:*:*:*:*:*:*", "matchCriteriaId": "0237EC90-AAED-434A-A1F0-BEFF2753CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.1.92:*:*:*:*:*:*:*", "matchCriteriaId": "D955B0D8-F0A2-4081-80D7-6EBEB1085E6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "96AD9BD6-C298-4737-843F-C114C77D579C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B94C88A-E9DE-4535-9E8E-A8271E805B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E51F953-63A6-4DAC-AA05-54277D052971", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnome:gnome_display_manager:3.3.92:*:*:*:*:*:*:*", "matchCriteriaId": "EE255193-9B22-448A-A8FA-B0ED0F98CFEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.3.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6111034-0898-45CC-9A3A-17176C671BB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5315E37D-5C32-47FA-B358-DB14C064BC36", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BA75FBE-113F-4ED5-BBB7-A889CE9B3091", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name." }, { "lang": "es", "value": "GNOME Display Manager (gdm) 3.4.1 y anteriores, cuando \"disable-user-list\" est\u00e1 configurado como \"true\", permite a usuarios locales causar una denegaci\u00f3n de servicio (incapacidad de iniciar sesi\u00f3n) al pulsar el bot\u00f3n Cancel despu\u00e9s de escribir un nombre de usuario." 
} ], "id": "CVE-2013-7273", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-29T14:38:49.857", "references": [ { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" }, { "source": "cve@mitre.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" }, { "source": "cve@mitre.org", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-06 20:29
Modified
2024-11-21 04:42
Severity ?
6.3 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 | Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
secalert@redhat.com | https://usn.ubuntu.com/3892-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 | Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3892-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | * | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
redhat | enterprise_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "91D07F22-A0D8-41BE-BE1A-A5A81E8306AA", "versionEndExcluding": "3.31.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session." }, { "lang": "es", "value": "Se ha descubierto una vulnerabilidad en gdm en versiones anteriores a la 3.31.4. Cuando el inicio de sesi\u00f3n temporal est\u00e1 habilitado en la configuraci\u00f3n, un atacante podr\u00eda omitir la pantalla de bloqueo, seleccionando el usuario de inicio de sesi\u00f3n temporal y esperando a que se agote el tiempo. En ese momento, obtendr\u00eda acceso a la sesi\u00f3n del usuario que ha iniciado sesi\u00f3n." 
} ], "id": "CVE-2019-3825", "lastModified": "2024-11-21T04:42:37.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.4, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-06T20:29:00.447", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3892-1/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3892-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-28 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1906812 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1906812 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8BA638-2AED-48BA-BB9D-CD8BEAD2BA9D", "versionEndExcluding": "3.38.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit." }, { "lang": "es", "value": "Se encontr\u00f3 un fallo en GDM en versiones anteriores a 3.38.2.1.\u0026#xa0;Una condici\u00f3n de carrera en el manejo del cierre de sesi\u00f3n hace posible omitir la pantalla de bloqueo para un usuario que tiene habilitado el inicio de sesi\u00f3n autom\u00e1tico accediendo a su sesi\u00f3n sin autenticaci\u00f3n.\u0026#xa0;Esto es similar a CVE-2017-12164, pero requiere condiciones m\u00e1s dif\u00edciles de explotar" } ], "id": "CVE-2020-27837", "lastModified": "2024-11-21T05:21:54.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": 
"HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-28T19:15:13.063", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "secalert@redhat.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-10 05:15
Modified
2024-11-21 05:06
Severity ?
7.2 (High) - CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
gdm3 versions before 3.36.2, and 3.38.x versions before 3.38.2, would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
References
▶ | URL | Tags | |
---|---|---|---|
security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 | Third Party Advisory | |
security@ubuntu.com | https://gitlab.gnome.org/GNOME/gdm/-/issues/642 | Exploit, Vendor Advisory | |
security@ubuntu.com | https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gdm/-/issues/642 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | * | |
gnome | gnome_display_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "475F1B20-AB5C-4B5B-80D7-437291D4D31F", "versionEndExcluding": "3.36.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAA7964B-BB51-4E2F-8400-F4B29DF9C0B1", "versionEndExcluding": "3.38.2", "versionStartIncluding": "3.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account." }, { "lang": "es", "value": "gdm3 versiones anteriores a 3.36.2 o 3.38.2, comenzar\u00eda la configuraci\u00f3n inicial de gnom si gdm3 no puede ponerse en contacto con el servicio de cuentas por medio de dbus de manera oportuna; en Ubuntu (y potencialmente en sus derivados) esto podr\u00eda enlazarse con un problema adicional que podr\u00eda permitir a un usuario local crear una nueva cuenta privilegiada" } ], "id": "CVE-2020-16125", "lastModified": "2024-11-21T05:06:48.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", 
"attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-10T05:15:11.893", "references": [ { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "security@ubuntu.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-05 14:15
Modified
2024-11-21 02:42
Severity ?
Summary
gdm3 3.14.2 and possibly later has an information leak before screen lock
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gnome_display_manager | 3.14.2 | |
redhat | enterprise_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 42.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnome_display_manager:3.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "70564989-0037-45C5-8AB7-D4E8045DCC2D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock" }, { "lang": "es", "value": "gdm3 versi\u00f3n 3.14.2 y posiblemente despu\u00e9s, tiene una filtrado de informaci\u00f3n antes del bloqueo de pantalla" } ], "id": "CVE-2016-1000002", "lastModified": "2024-11-21T02:42:49.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-05T14:15:13.367", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://security-tracker.debian.org/tracker/CVE-2016-1000002" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }