Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for gnome_display_manager by gnome

    CVE-2020-27837 (GCVE-0-2020-27837)

    Vulnerability from nvd – Published: 2020-12-28 18:34 – Updated: 2024-08-04 16:25
    VLAI
    Summary
    A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a gdm Affected: prior to 3.38.2.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:25:43.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 3.38.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-28T18:34:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-27837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gdm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 3.38.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-362"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-27837",
        "datePublished": "2020-12-28T18:34:04.000Z",
        "dateReserved": "2020-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:25:43.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16125 (GCVE-0-2020-16125)

    Vulnerability from nvd – Published: 2020-11-10 04:20 – Updated: 2024-09-17 03:59
    VLAI
    Title
    gdm3 would start gnome-initial-setup if it cannot contact accountservice
    Summary
    gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Gnome GDM3 Affected: 3.36 , < 3.36.4 (custom)
    Affected: 3.38 , < 3.38.2 (custom)
    Create a notification for this product.
    Date Public
    2020-11-06 00:00
    Credits
    Kevin Backhouse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GDM3",
              "vendor": "Gnome",
              "versions": [
                {
                  "lessThan": "3.36.4",
                  "status": "affected",
                  "version": "3.36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.38.2",
                  "status": "affected",
                  "version": "3.38",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kevin Backhouse"
            }
          ],
          "datePublic": "2020-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-10T04:20:13.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4614-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "gdm3 would start gnome-initial-setup if it cannot contact accountservice",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-11-06T00:00:00.000Z",
              "ID": "CVE-2020-16125",
              "STATE": "PUBLIC",
              "TITLE": "gdm3 would start gnome-initial-setup if it cannot contact accountservice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GDM3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.36",
                                "version_value": "3.36.4"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.38",
                                "version_value": "3.38.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gnome"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kevin Backhouse"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
                },
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon",
                  "refsource": "MISC",
                  "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4614-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16125",
        "datePublished": "2020-11-10T04:20:13.785Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:24.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000002 (GCVE-0-2016-1000002)

    Vulnerability from nvd – Published: 2019-11-05 13:08 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    gdm3 3.14.2 and possibly later has an information leak before screen lock
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T13:08:36.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000002",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000002",
        "datePublished": "2019-11-05T13:08:36.000Z",
        "dateReserved": "2016-06-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3825 (GCVE-0-2019-3825)

    Vulnerability from nvd – Published: 2019-02-06 20:00 – Updated: 2024-08-04 19:19
    VLAI
    Summary
    A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
    CWE
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3892-1/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    The Gnome Projectr gdm Affected: 3.31.4
    Create a notification for this product.
    Date Public
    2019-02-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3892-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3892-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "The Gnome Projectr",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.31.4"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-21T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-3892-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3892-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-3825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gdm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.31.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Gnome Projectr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.3/CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3892-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3892-1/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-3825",
        "datePublished": "2019-02-06T20:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:19:18.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14424 (GCVE-0-2018-14424)

    Vulnerability from nvd – Published: 2018-08-14 16:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://gitlab.gnome.org/GNOME/gdm/issues/401 x_refsource_CONFIRM
    https://usn.ubuntu.com/3737-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4270 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/105179 vdb-entryx_refsource_BID
    Date Public
    2018-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
              },
              {
                "name": "USN-3737-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3737-1/"
              },
              {
                "name": "DSA-4270",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4270"
              },
              {
                "name": "105179",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105179"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
            },
            {
              "name": "USN-3737-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3737-1/"
            },
            {
              "name": "DSA-4270",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4270"
            },
            {
              "name": "105179",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105179"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14424",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/gdm/issues/401",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
                },
                {
                  "name": "USN-3737-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3737-1/"
                },
                {
                  "name": "DSA-4270",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4270"
                },
                {
                  "name": "105179",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105179"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14424",
        "datePublished": "2018-08-14T16:00:00.000Z",
        "dateReserved": "2018-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12164 (GCVE-0-2017-12164)

    Vulnerability from nvd – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
    VLAI
    Summary
    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    GNOME gdm Affected: 3.24.1
    Create a notification for this product.
    Date Public
    2017-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "GNOME",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24.1"
                }
              ]
            }
          ],
          "datePublic": "2017-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "CWE-592",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-26T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-12164",
        "datePublished": "2018-07-26T16:00:00.000Z",
        "dateReserved": "2017-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:28:16.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7496 (GCVE-0-2015-7496)

    Vulnerability from nvd – Published: 2015-11-24 20:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-271025c598",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
              },
              {
                "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
              },
              {
                "name": "RHSA-2017:2128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
              },
              {
                "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-271025c598",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
            },
            {
              "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
            },
            {
              "name": "RHSA-2017:2128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
            },
            {
              "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-7496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2015-271025c598",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
                },
                {
                  "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
                },
                {
                  "name": "RHSA-2017:2128",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2128"
                },
                {
                  "name": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news",
                  "refsource": "CONFIRM",
                  "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=758032",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
                },
                {
                  "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7496",
        "datePublished": "2015-11-24T20:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7273 (GCVE-0-2013-7273)

    Vulnerability from nvd – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
              },
              {
                "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-29T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
            },
            {
              "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=704284",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
                },
                {
                  "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7273",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2014-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4169 (GCVE-0-2013-4169)

    Vulnerability from nvd – Published: 2013-09-10 19:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://secunia.com/advisories/54661 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2013-1213.html vendor-advisoryx_refsource_REDHAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:00.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
              },
              {
                "name": "54661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54661"
              },
              {
                "name": "RHSA-2013:1213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-10T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
            },
            {
              "name": "54661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54661"
            },
            {
              "name": "RHSA-2013:1213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4169",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
                },
                {
                  "name": "54661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54661"
                },
                {
                  "name": "RHSA-2013:1213",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4169",
        "datePublished": "2013-09-10T19:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:55.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2387 (GCVE-0-2010-2387)

    Vulnerability from nvd – Published: 2012-12-21 02:00 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.gnome.org/show_bug.cgi?id=571846 x_refsource_CONFIRM
    http://www.auscert.org.au/13123 third-party-advisoryx_refsource_AUSCERT
    https://blogs.oracle.com/sunsecurity/entry/cve_20… x_refsource_CONFIRM
    http://secunia.com/advisories/40690 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/g… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/40780 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/66643 vdb-entryx_refsource_OSVDB
    Date Public
    2009-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
              },
              {
                "name": "ASB-2010.0184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/13123"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
              },
              {
                "name": "40690",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40690"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
              },
              {
                "name": "solaris-gdm-information-disclosure(60642)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
              },
              {
                "name": "40780",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40780"
              },
              {
                "name": "66643",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/66643"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
            },
            {
              "name": "ASB-2010.0184",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/13123"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
            },
            {
              "name": "40690",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40690"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
            },
            {
              "name": "solaris-gdm-information-disclosure(60642)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
            },
            {
              "name": "40780",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40780"
            },
            {
              "name": "66643",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/66643"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-2387",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
                },
                {
                  "name": "ASB-2010.0184",
                  "refsource": "AUSCERT",
                  "url": "http://www.auscert.org.au/13123"
                },
                {
                  "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
                },
                {
                  "name": "40690",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40690"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
                },
                {
                  "name": "solaris-gdm-information-disclosure(60642)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
                },
                {
                  "name": "40780",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40780"
                },
                {
                  "name": "66643",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/66643"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-2387",
        "datePublished": "2012-12-21T02:00:00.000Z",
        "dateReserved": "2010-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27837 (GCVE-0-2020-27837)

    Vulnerability from cvelistv5 – Published: 2020-12-28 18:34 – Updated: 2024-08-04 16:25
    VLAI
    Summary
    A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a gdm Affected: prior to 3.38.2.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:25:43.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 3.38.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-28T18:34:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-27837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gdm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 3.38.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-362"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906812"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-27837",
        "datePublished": "2020-12-28T18:34:04.000Z",
        "dateReserved": "2020-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:25:43.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16125 (GCVE-0-2020-16125)

    Vulnerability from cvelistv5 – Published: 2020-11-10 04:20 – Updated: 2024-09-17 03:59
    VLAI
    Title
    gdm3 would start gnome-initial-setup if it cannot contact accountservice
    Summary
    gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Gnome GDM3 Affected: 3.36 , < 3.36.4 (custom)
    Affected: 3.38 , < 3.38.2 (custom)
    Create a notification for this product.
    Date Public
    2020-11-06 00:00
    Credits
    Kevin Backhouse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GDM3",
              "vendor": "Gnome",
              "versions": [
                {
                  "lessThan": "3.36.4",
                  "status": "affected",
                  "version": "3.36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.38.2",
                  "status": "affected",
                  "version": "3.38",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kevin Backhouse"
            }
          ],
          "datePublic": "2020-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-10T04:20:13.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4614-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "gdm3 would start gnome-initial-setup if it cannot contact accountservice",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-11-06T00:00:00.000Z",
              "ID": "CVE-2020-16125",
              "STATE": "PUBLIC",
              "TITLE": "gdm3 would start gnome-initial-setup if it cannot contact accountservice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GDM3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.36",
                                "version_value": "3.36.4"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.38",
                                "version_value": "3.38.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gnome"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kevin Backhouse"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can\u0027t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/gdm/-/issues/642"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
                },
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon",
                  "refsource": "MISC",
                  "url": "https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4614-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16125",
        "datePublished": "2020-11-10T04:20:13.785Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:24.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000002 (GCVE-0-2016-1000002)

    Vulnerability from cvelistv5 – Published: 2019-11-05 13:08 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    gdm3 3.14.2 and possibly later has an information leak before screen lock
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T13:08:36.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000002",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gdm3 3.14.2 and possibly later has an information leak before screen lock"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000002"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000002",
        "datePublished": "2019-11-05T13:08:36.000Z",
        "dateReserved": "2016-06-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3825 (GCVE-0-2019-3825)

    Vulnerability from cvelistv5 – Published: 2019-02-06 20:00 – Updated: 2024-08-04 19:19
    VLAI
    Summary
    A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
    CWE
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3892-1/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    The Gnome Projectr gdm Affected: 3.31.4
    Create a notification for this product.
    Date Public
    2019-02-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3892-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3892-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "The Gnome Projectr",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.31.4"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-21T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-3892-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3892-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-3825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "gdm",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.31.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Gnome Projectr"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user\u0027s session."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.3/CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3892-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3892-1/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-3825",
        "datePublished": "2019-02-06T20:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:19:18.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14424 (GCVE-0-2018-14424)

    Vulnerability from cvelistv5 – Published: 2018-08-14 16:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://gitlab.gnome.org/GNOME/gdm/issues/401 x_refsource_CONFIRM
    https://usn.ubuntu.com/3737-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4270 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/105179 vdb-entryx_refsource_BID
    Date Public
    2018-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
              },
              {
                "name": "USN-3737-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3737-1/"
              },
              {
                "name": "DSA-4270",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4270"
              },
              {
                "name": "105179",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105179"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
            },
            {
              "name": "USN-3737-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3737-1/"
            },
            {
              "name": "DSA-4270",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4270"
            },
            {
              "name": "105179",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105179"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14424",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/gdm/issues/401",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"
                },
                {
                  "name": "USN-3737-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3737-1/"
                },
                {
                  "name": "DSA-4270",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4270"
                },
                {
                  "name": "105179",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105179"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14424",
        "datePublished": "2018-08-14T16:00:00.000Z",
        "dateReserved": "2018-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12164 (GCVE-0-2017-12164)

    Vulnerability from cvelistv5 – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
    VLAI
    Summary
    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    GNOME gdm Affected: 3.24.1
    Create a notification for this product.
    Date Public
    2017-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gdm",
              "vendor": "GNOME",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24.1"
                }
              ]
            }
          ],
          "datePublic": "2017-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "CWE-592",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-26T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-12164",
        "datePublished": "2018-07-26T16:00:00.000Z",
        "dateReserved": "2017-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:28:16.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7496 (GCVE-0-2015-7496)

    Vulnerability from cvelistv5 – Published: 2015-11-24 20:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2015-271025c598",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
              },
              {
                "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
              },
              {
                "name": "RHSA-2017:2128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
              },
              {
                "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2015-271025c598",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
            },
            {
              "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
            },
            {
              "name": "RHSA-2017:2128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
            },
            {
              "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-7496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2015-271025c598",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html"
                },
                {
                  "name": "[oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/10"
                },
                {
                  "name": "RHSA-2017:2128",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2128"
                },
                {
                  "name": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news",
                  "refsource": "CONFIRM",
                  "url": "https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=758032",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758032"
                },
                {
                  "name": "[oss-security] 20151117 CVE request for Gnome gdm/screen lock crash",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7496",
        "datePublished": "2015-11-24T20:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7273 (GCVE-0-2013-7273)

    Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
              },
              {
                "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-29T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
            },
            {
              "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=704284",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338"
                },
                {
                  "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7273",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2014-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:20.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4169 (GCVE-0-2013-4169)

    Vulnerability from cvelistv5 – Published: 2013-09-10 19:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://secunia.com/advisories/54661 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2013-1213.html vendor-advisoryx_refsource_REDHAT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:00.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
              },
              {
                "name": "54661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54661"
              },
              {
                "name": "RHSA-2013:1213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-10T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
            },
            {
              "name": "54661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54661"
            },
            {
              "name": "RHSA-2013:1213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4169",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498"
                },
                {
                  "name": "54661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54661"
                },
                {
                  "name": "RHSA-2013:1213",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4169",
        "datePublished": "2013-09-10T19:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:55.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2387 (GCVE-0-2010-2387)

    Vulnerability from cvelistv5 – Published: 2012-12-21 02:00 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.gnome.org/show_bug.cgi?id=571846 x_refsource_CONFIRM
    http://www.auscert.org.au/13123 third-party-advisoryx_refsource_AUSCERT
    https://blogs.oracle.com/sunsecurity/entry/cve_20… x_refsource_CONFIRM
    http://secunia.com/advisories/40690 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/g… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/40780 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/66643 vdb-entryx_refsource_OSVDB
    Date Public
    2009-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
              },
              {
                "name": "ASB-2010.0184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_AUSCERT",
                  "x_transferred"
                ],
                "url": "http://www.auscert.org.au/13123"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
              },
              {
                "name": "40690",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40690"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
              },
              {
                "name": "solaris-gdm-information-disclosure(60642)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
              },
              {
                "name": "40780",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40780"
              },
              {
                "name": "66643",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/66643"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
            },
            {
              "name": "ASB-2010.0184",
              "tags": [
                "third-party-advisory",
                "x_refsource_AUSCERT"
              ],
              "url": "http://www.auscert.org.au/13123"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
            },
            {
              "name": "40690",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40690"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
            },
            {
              "name": "solaris-gdm-information-disclosure(60642)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
            },
            {
              "name": "40780",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40780"
            },
            {
              "name": "66643",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/66643"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-2387",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
                },
                {
                  "name": "ASB-2010.0184",
                  "refsource": "AUSCERT",
                  "url": "http://www.auscert.org.au/13123"
                },
                {
                  "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
                },
                {
                  "name": "40690",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40690"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
                },
                {
                  "name": "solaris-gdm-information-disclosure(60642)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
                },
                {
                  "name": "40780",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40780"
                },
                {
                  "name": "66643",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/66643"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-2387",
        "datePublished": "2012-12-21T02:00:00.000Z",
        "dateReserved": "2010-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }