Search CVE reports
1 – 10 of 20 results
CVE-2020-27837
Low priorityA flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without...
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | Not affected | Vulnerable | Vulnerable | Not affected | Not affected |
CVE-2020-16125
Medium prioritySome fixes available 11 of 12
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with...
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2016-1000002
Low prioritygdm3 3.14.2 and possibly later has an information leak before screen lock
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-3825
Medium prioritySome fixes available 14 of 15
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they...
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2018-14424
Medium prioritySome fixes available 14 of 15
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus...
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2017-12164
Medium priorityA flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
1 affected package
gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm3 | — | — | — | — | Not affected |
CVE-2015-7496
Medium priorityGNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
2 affected packages
gdm, gdm3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm | — | — | — | Not in release | Not in release |
gdm3 | — | — | — | Not affected | Not affected |
CVE-2012-6648
Medium prioritySome fixes available 7 of 8
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier...
2 affected packages
gdm-guest-session, lightdm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm-guest-session | — | — | — | — | — |
lightdm | — | — | — | — | — |
CVE-2011-4970
Medium priorityMultiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2)...
2 affected packages
dpm, lcgdm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dpm | Not in release | Not in release | Not in release | Not in release | Not in release |
lcgdm | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2013-7273
Medium priorityGNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
1 affected package
gdm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdm | — | — | — | Not in release | Not in release |