
Gdm Security Vulnerabilities


CVE-2019-3825

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's...

CVSS: 6.4

AI Score: 6.5

EPSS: 0.001

2019-02-06 08:29 PM
126

CVE-2017-12164

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their...

CVSS: 6.4

AI Score: 6.1

EPSS: 0.001

2018-07-26 04:29 PM
36

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

AI Score: 6.1

EPSS: 0.0004

2014-05-22 11:55 PM
15

CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME...

AI Score: 6.3

EPSS: 0.0004

2011-06-14 05:55 PM
30

CVE-2011-0727

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under...

AI Score: 8.5

EPSS: 0.0004

2011-03-31 10:55 PM
36

CVE-2009-2697

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than...

AI Score: 6.4

EPSS: 0.011

2009-09-04 08:30 PM
27

CVE-2007-3381

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted....

AI Score: 5.9

EPSS: 0.0004

2007-08-07 10:17 AM
21

CVE-2006-6105

Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error...

AI Score: 7.1

EPSS: 0.0004

2006-12-15 02:28 AM
29

CVE-2006-2452

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional...

AI Score: 6.5

EPSS: 0.0004

2006-06-09 10:02 AM
21

CVE-2006-1057

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority...

AI Score: 6.2

EPSS: 0.0004

2006-04-25 01:02 AM
38

CVE-2003-0793

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory...

AI Score: 6.5

EPSS: 0.001

2003-11-17 05:00 AM
29

CVE-2003-0794

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the...

AI Score: 6.8

EPSS: 0.001

2003-11-17 05:00 AM
21

CVE-2003-0547

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors...

AI Score: 6.3

EPSS: 0.0004

2003-08-27 04:00 AM
24

CVE-2003-0549

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key...

AI Score: 6.5

EPSS: 0.004

2003-08-27 04:00 AM
30

CVE-2003-0548

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than...

AI Score: 6.6

EPSS: 0.004

2003-08-27 04:00 AM
26

CVE-2000-0504

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING...

AI Score: 7.4

EPSS: 0.024

2000-06-19 04:00 AM
18

CVE-2000-0491

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY...

AI Score: 8.3

EPSS: 0.071

2000-05-24 04:00 AM
27

CVE-1999-0990

Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a...

AI Score: 7.2

EPSS: 0.0004

1999-12-05 05:00 AM
31