CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6111
https://notcve.org/view.php?id=CVE-2012-6111
20 Dec 2019 — gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function gnome-keyring no descarta los secretos almacenados cuando se usa la función gnome_keyring_lock_all_sync. • http://www.openwall.com/lists/oss-security/2013/01/17/4 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-20781 – Ubuntu Security Notice USN-3894-1
https://notcve.org/view.php?id=CVE-2018-20781
12 Feb 2019 — In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. En pam/gkr-pam-module.c en GNOME Keyring, en versiones anteriores a la 3.27.2, la contraseña del usuario se mantiene en un proceso hijo de sesión que se genera en el demonio LightDM. Esto puede exponer las credenciales en texto claro. It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-19358
https://notcve.org/view.php?id=CVE-2018-19358
18 Nov 2018 — GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. GNOME Keyring h... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2012-3466
https://notcve.org/view.php?id=CVE-2012-3466
22 Oct 2012 — GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. GNOME gnome-keyring v3.4.0 hasta v3.4.1, cuando gpg-cache-method se establece en "idle" o "timeout", no limita correctamente la cantidad de tiempo que una contraseña se almacena en caché, lo que permite a los atacantes tener un impacto no especificado a través de vector... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655 • CWE-264: Permissions, Privileges, and Access Controls •