Gdm

gdm

Vendor: Gnome • 15 CVEs

CVEs (15)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-1709 1Gnome 1Gdm Apr 29, 2026 Jun 14, 2011 N/A· v4 N/A· v3 7.2 HIGH· v2 GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handle...Show more GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.Show less
CVE-2011-0727 1Gnome 1Gdm Apr 29, 2026 Mar 31, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
CVE-2009-2697 1Gnome 1Gdm Apr 23, 2026 Sep 4, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via...Show more The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.Show less
CVE-2007-3381 1Gnome 1Gdm Apr 23, 2026 Aug 7, 2007 N/A· v4 N/A· v3 1.5 LOW· v2 The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows lo...Show more The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.Show less
CVE-2006-6105 1Gnome 1Gdm Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an...Show more Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.Show less
CVE-2006-2452 1Gnome 1Gdm Apr 16, 2026 Jun 9, 2006 N/A· v4 N/A· v3 3.7 LOW· v2 GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can b...Show more GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.Show less
CVE-2006-1057 1Gnome 1Gdm Apr 16, 2026 Apr 25, 2006 N/A· v4 N/A· v3 3.7 LOW· v2 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
CVE-2003-0794 1Gnome 1Gdm Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) b...Show more GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.Show less
CVE-2003-0793 1Gnome 1Gdm Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
CVE-2003-0549 2Gnome Redhat 4Enterprise Linux GdmKdebase+1 more Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
CVE-2003-0548 2Gnome Redhat 4Enterprise Linux GdmKdebase+1 more Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
CVE-2003-0547 2Gnome Redhat 2Gdm Kdebase Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
CVE-2000-0504 3Gnome Open GroupXfree86 Project 3Gdm XX11r6 Apr 16, 2026 Jun 19, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVE-2000-0491 3Caldera GnomeSuse 3Gdm OpenlinuxSuse Linux Apr 16, 2026 May 24, 2000 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVE-1999-0990 1Gnome 1Gdm Apr 16, 2026 Dec 5, 1999 N/A· v4 N/A· v3 2.1 LOW· v2 Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.