Gnome Display Manager

gnome_display_manager

Vendor: Gnome • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27837 1Gnome 1Gnome Display Manager Nov 21, 2024 Dec 28, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session witho...Show more A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.Show less
CVE-2020-16125 1Gnome 1Gnome Display Manager Nov 21, 2024 Nov 10, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an...Show more gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.Show less
CVE-2016-1000002 4Debian GnomeOpensuse+1 more 4Debian Linux Enterprise LinuxGnome Display Manager+1 more Nov 21, 2024 Nov 5, 2019 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2019-3825 3Canonical GnomeRedhat 3Enterprise Linux Gnome Display ManagerUbuntu Linux Nov 21, 2024 Feb 6, 2019 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which...Show more A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.Show less
CVE-2018-14424 1Gnome 1Gnome Display Manager Nov 21, 2024 Aug 14, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of...Show more The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.Show less
CVE-2017-12164 1Gnome 1Gnome Display Manager Nov 21, 2024 Jul 26, 2018 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock...Show more A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.Show less
CVE-2015-7496 2Fedoraproject Gnome 2Fedora Gnome Display Manager May 6, 2026 Nov 24, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
CVE-2013-7273 1Gnome 1Gnome Display Manager May 6, 2026 Apr 29, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
CVE-2013-4169 1Gnome 1Gnome Display Manager Apr 29, 2026 Sep 10, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVE-2010-2387 1Gnome 1Gnome Display Manager Apr 29, 2026 Dec 21, 2012 N/A· v4 N/A· v3 1.9 LOW· v2 vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain...Show more vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.Show less