CVE-2013-7221
https://notcve.org/view.php?id=CVE-2013-7221
29 Apr 2014 — The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. • http://www.openwall.com/lists/oss-security/2013/12/27/4 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-7273
https://notcve.org/view.php?id=CVE-2013-7273
29 Apr 2014 — GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. • http://www.openwall.com/lists/oss-security/2014/01/07/10
CVE-2013-4169 – gdm: TOCTTOU race condition on /tmp/.X11-unix
https://notcve.org/view.php?id=CVE-2013-4169
06 Sep 2013 — GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled ... • http://rhn.redhat.com/errata/RHSA-2013-1213.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-552: Files or Directories Accessible to External Parties
CVE-2013-0240
https://notcve.org/view.php?id=CVE-2013-0240
28 Mar 2013 — Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html • CWE-310: Cryptographic Issues
CVE-2013-1799
https://notcve.org/view.php?id=CVE-2013-1799
28 Mar 2013 — Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html • CWE-310: Cryptographic Issues
CVE-2013-1050
https://notcve.org/view.php?id=CVE-2013-1050
08 Mar 2013 — The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. • http://www.ubuntu.com/usn/USN-1716-1 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-2387
https://notcve.org/view.php?id=CVE-2010-2387
21 Dec 2012 — vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. • https://github.com/LogSec/CVE-2010-2387 • CWE-255: Credentials Management Errors
CVE-2012-3466
https://notcve.org/view.php?id=CVE-2012-3466
22 Oct 2012 — GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4427
https://notcve.org/view.php?id=CVE-2012-4427
01 Oct 2012 — The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. • http://www.openwall.com/lists/oss-security/2012/09/08/1 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-4000
https://notcve.org/view.php?id=CVE-2010-4000
05 Nov 2010 — gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. • https://bugzilla.redhat.com/show_bug.cgi?id=644561 • CWE-264: Permissions, Privileges, and Access Controls