CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2006-2452
https://notcve.org/view.php?id=CVE-2006-2452
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. • http://bugzilla.gnome.org/show_bug.cgi?id=343476 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://secunia.com/advisories/20532 http://secunia.com/advisories/20552 http://secunia.com/advisories/20587 http://secunia.com/advisories/20627 http://secunia.com/advisories/20636 http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 http://www.securityfocus.com/archive/1/436428 http:&# •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1057
https://notcve.org/view.php?id=CVE-2006-1057
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. • http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 http://www.debian.org/security/2006/dsa-1040 http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 http://www.redhat.com/support/errata/RHSA-2007-0286.html http://www.securityfocus.com/bid/17635 http://www.vupen.com/english/advisories/2006/1465 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 https://oval.cisecurity.org/reposi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0793
https://notcve.org/view.php?id=CVE-2003-0793
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). GDM 2.4.4.x anteriores a 2.4.4.4 y 2.4.1.x anteriores a 2.4.1.7 no restringe el tamaño de la entrada, lo que permite a atacantes causar una denegación de servicio (consumición de memoria). • http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 http://www.securityfocus.com/bid/8846 https://exchange.xforce.ibmcloud.com/vulnerabilities/13447 •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0794
https://notcve.org/view.php?id=CVE-2003-0794
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. GDM 2.4.4.x anteriores a 2.4.4.4, y 2.4.1.x anteriores a 2.4.1.7 no limita el número de comandos y usa una conexión de socket con bloqueo, lo que permite a atacantes causar una denegación de servicio (consumición de recursos) enviando comandos y no leyendo los resultados. • http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 http://www.securityfocus.com/bid/8846 https://exchange.xforce.ibmcloud.com/vulnerabilities/13448 •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0547
https://notcve.org/view.php?id=CVE-2003-0547
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. GDM anteriores a 2.4.1.6, cuando usa la característica "examinar errores de sesión", permite a usuarios locales leer ficheros arbitrario mediante un ataque de enlaces simbólicos en el fichero ~/.xsession-errors • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html http://marc.info/?l=bugtraq&m=106194792924122&w=2 http://www.redhat.com/support/errata/RHSA-2003-258.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112 https://access.redhat.com/security/cve/CVE-2003-0547 https://bugzilla.redhat.com/show_bug.cgi?id=1617050 •