CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Debian Gnome2Debian Linux Gnome KeyringNov 21, 2024 Dec 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function |
3Canonical GnomeOracle3Gnome Keyring Ubuntu LinuxZfs Storage Appliance KitNov 21, 2024 Feb 12, 2019 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. |
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that th...Show more |
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via un...Show more |