Page 2 of 15 results (0.012 seconds)

CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. • http://bugzilla.gnome.org/show_bug.cgi?id=343476 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://secunia.com/advisories/20532 http://secunia.com/advisories/20552 http://secunia.com/advisories/20587 http://secunia.com/advisories/20627 http://secunia.com/advisories/20636 http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 http://www.securityfocus.com/archive/1/436428 http:&# •

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. • http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 http://www.debian.org/security/2006/dsa-1040 http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 http://www.redhat.com/support/errata/RHSA-2007-0286.html http://www.securityfocus.com/bid/17635 http://www.vupen.com/english/advisories/2006/1465 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 https://oval.cisecurity.org/reposi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). GDM 2.4.4.x anteriores a 2.4.4.4 y 2.4.1.x anteriores a 2.4.1.7 no restringe el tamaño de la entrada, lo que permite a atacantes causar una denegación de servicio (consumición de memoria). • http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 http://www.securityfocus.com/bid/8846 https://exchange.xforce.ibmcloud.com/vulnerabilities/13447 •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. GDM 2.4.4.x anteriores a 2.4.4.4, y 2.4.1.x anteriores a 2.4.1.7 no limita el número de comandos y usa una conexión de socket con bloqueo, lo que permite a atacantes causar una denegación de servicio (consumición de recursos) enviando comandos y no leyendo los resultados. • http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 http://www.securityfocus.com/bid/8846 https://exchange.xforce.ibmcloud.com/vulnerabilities/13448 •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. Vulnerabilidad desconocida en el soporte XDMPC (X Display Manager Control Protocol - Protocolo de Control de Administrador de Visualizador X) en GDM anteriores a 2.4.1.6 permite a atacantes causar una denegación de servicio (caída del demonio), un problema diferente de CAN-2003-0548. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html http://www.redhat.com/support/errata/RHSA-2003-258.html http://www.redhat.com/support/errata/RHSA-2003-259.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129 https://access.redhat.com/security/cve/CVE-2003-0549 https://bugzilla.redhat.com/show_bug.cgi?id=1617052 •