← Back

Lightdm

lightdm

Vendor: Lightdm Project • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2011-3349
1Lightdm Project
1Lightdm
Nov 21, 2024
Nov 19, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privile...Show more
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.Show less
CVE-2015-8316
1Lightdm Project
1Lightdm
May 13, 2026
Sep 6, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with...Show more
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.Show less
CVE-2017-8900
1Lightdm Project
1Lightdm
May 13, 2026
May 12, 2017
N/A· v4
4.6 MEDIUM· v3
2.1 LOW· v2
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a gu...Show more
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.Show less
CVE-2017-7358
2Canonical
Lightdm Project
2Lightdm
Ubuntu Linux
May 13, 2026
Apr 5, 2017
N/A· v4
7.3 HIGH· v3
6.9 MEDIUM· v2
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.