CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27837
https://notcve.org/view.php?id=CVE-2020-27837
28 Dec 2020 — A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. Se encontró un fallo en GDM en versiones anteriores a 3.38.2.1. Una condición de carrera en el manejo del cierre de sesión hace posible omitir la pantalla de bloqueo para un usuario ... • https://bugzilla.redhat.com/show_bug.cgi?id=1906812 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2020-16125 – gdm3 would start gnome-initial-setup if it cannot contact accountservice
https://notcve.org/view.php?id=CVE-2020-16125
03 Nov 2020 — gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. gdm3 versiones anteriores a 3.36.2 o 3.38.2, comenzaría la configuración inicial de gnom si gdm3 no puede ponerse en contacto con el servicio de cuentas por medio de dbus de manera oportuna; en Ubuntu (y pote... • https://github.com/za970120604/CVE-2020-16125-Reproduction • CWE-636: Not Failing Securely ('Failing Open') CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3825 – gdm: lock screen bypass when timed login is enabled
https://notcve.org/view.php?id=CVE-2019-3825
06 Feb 2019 — A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. Se ha descubierto una vulnerabilidad en gdm en versiones anteriores a la 3.31.4. Cuando el inicio de sesión temporal está habilitado en la configuración, un atacante podría omitir la pantalla de bloqueo, seleccionando el usuario de... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14424 – Ubuntu Security Notice USN-3737-1
https://notcve.org/view.php?id=CVE-2018-14424
13 Aug 2018 — The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. El demonio en GDM hasta la versión 3.29.1 no desexporta correctamente objetos display desde su interfaz D-Bus cuando se destruyen. Esto permite que un atacante local desencadene un uso de memoria previamente li... • http://www.securityfocus.com/bid/105179 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7496 – gdm: Crash when holding Escape in log screen
https://notcve.org/view.php?id=CVE-2015-7496
24 Nov 2015 — GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. GNOME Display Manager (gdm) en versiones anteriores a 3.18.2 permite a atacantes físicamente próximos eludir la pantalla de bloqueo manteniendo pulsada la tecla Escape. It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked sc... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html • CWE-264: Permissions, Privileges, and Access Controls CWE-364: Signal Handler Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2013-7273
https://notcve.org/view.php?id=CVE-2013-7273
29 Apr 2014 — GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. GNOME Display Manager (gdm) 3.4.1 y anteriores, cuando "disable-user-list" está configurado como "true", permite a usuarios locales causar una denegación de servicio (incapacidad de iniciar sesión) al pulsar el botón Cancel después de escribir un nombre de usuario. • http://www.openwall.com/lists/oss-security/2014/01/07/10 •
CVSS: 8.1EPSS: 0%CPEs: 44EXPL: 0CVE-2013-4169 – gdm: TOCTTOU race condition on /tmp/.X11-unix
https://notcve.org/view.php?id=CVE-2013-4169
06 Sep 2013 — GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. GNOME Display Manager (gdm) anteriores a 2.21.1 permiten a usuarios locales cambiar permisos de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre /tmp/.X11-unix/. The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled ... • http://rhn.redhat.com/errata/RHSA-2013-1213.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-552: Files or Directories Accessible to External Parties •