CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19308
https://notcve.org/view.php?id=CVE-2019-19308
27 Nov 2019 — In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). En la función text_to_glyphs en el archivo sushi-font-widget.c en gnome-font-viewer versión 3.34.0, se presenta una desreferencia del puntero NULL mientras se analiza un archivo de fuente TTF que carece de una sección de nombre (debido a una llamada g_strconcat que devuelve NULL). • https://github.com/GNOME/gnome-font-viewer/blob/919dfbe684b75904563b8c6723c9778a4e00aad7/src/sushi-font-widget.c#L115-L117 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2012-5535
https://notcve.org/view.php?id=CVE-2012-5535
25 Nov 2019 — gnome-system-log polkit policy allows arbitrary files on the system to be read La política polkit de gnome-system-log, permite leer archivos arbitrarios en el sistema. • http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094059.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.4EPSS: 0%CPEs: 6EXPL: 1CVE-2016-1000002
https://notcve.org/view.php?id=CVE-2016-1000002
05 Nov 2019 — gdm3 3.14.2 and possibly later has an information leak before screen lock gdm3 versión 3.14.2 y posiblemente después, tiene una filtrado de información antes del bloqueo de pantalla • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11460 – Gentoo Linux Security Advisory 201908-28
https://notcve.org/view.php?id=CVE-2019-11460
22 Apr 2019 — An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. Un pro... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 0CVE-2018-20781 – Ubuntu Security Notice USN-3894-1
https://notcve.org/view.php?id=CVE-2018-20781
12 Feb 2019 — In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. En pam/gkr-pam-module.c en GNOME Keyring, en versiones anteriores a la 3.27.2, la contraseña del usuario se mantiene en un proceso hijo de sesión que se genera en el demonio LightDM. Esto puede exponer las credenciales en texto claro. It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 1CVE-2019-3820 – gnome-shell: partial lock screen bypass
https://notcve.org/view.php?id=CVE-2019-3820
06 Feb 2019 — It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. Se ha descubierto que la pantalla de bloqueo de gnome-shell, desde la versión 3.15.91 no restringió correctamente todas las acciones contextuales. Un atacante con acceso físico a una estación de trabajo bloqueada podría invocar ciertos atajos de teclado y, pot... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3825 – gdm: lock screen bypass when timed login is enabled
https://notcve.org/view.php?id=CVE-2019-3825
06 Feb 2019 — A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. Se ha descubierto una vulnerabilidad en gdm en versiones anteriores a la 3.31.4. Cuando el inicio de sesión temporal está habilitado en la configuración, un atacante podría omitir la pantalla de bloqueo, seleccionando el usuario de... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-19358
https://notcve.org/view.php?id=CVE-2018-19358
18 Nov 2018 — GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. GNOME Keyring h... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14424 – Ubuntu Security Notice USN-3737-1
https://notcve.org/view.php?id=CVE-2018-14424
13 Aug 2018 — The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. El demonio en GDM hasta la versión 3.29.1 no desexporta correctamente objetos display desde su interfaz D-Bus cuando se destruyen. Esto permite que un atacante local desencadene un uso de memoria previamente li... • http://www.securityfocus.com/bid/105179 • CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12164
https://notcve.org/view.php?id=CVE-2017-12164
26 Jul 2018 — A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. Se ha descubierto una vulnerabilidad en gdm 3.24.1, en donde gdm greeter no establecía el valor booleano ran_once durante el inicio automático de sesión. Si el inicio de sesión automático estaba habilitado para una víctima, un atacante podría simplemente seleccionar "login as a... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164 • CWE-592: DEPRECATED: Authentication Bypass Issues CWE-665: Improper Initialization •