CVE-2013-1050
https://notcve.org/view.php?id=CVE-2013-1050
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
• http://www.ubuntu.com/usn/USN-1716-1
• https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
• https://bugzilla.gnome.org/show_bug.cgi?id=683060
• https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-2387
https://notcve.org/view.php?id=CVE-2010-2387
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
• https://github.com/LogSec/CVE-2010-2387
• http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
• http://secunia.com/advisories/40690
• http://secunia.com/advisories/40780
• http://www.auscert.org.au/13123
• http://www.osvdb.org/66643
• https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
• https://bugzilla.gnome.org/show_bug.cgi?id=571846
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
• CWE-255: Credentials Management Errors
CVE-2012-3466
https://notcve.org/view.php?id=CVE-2012-3466
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
• http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3
• http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2
• http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:084
• http://www.openwall.com/lists/oss-security/2012/08/09/1
• http://www.openwall.com/lists/oss-security/2012/08/09/2
• https://
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4427
https://notcve.org/view.php?id=CVE-2012-4427
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
• http://www.openwall.com/lists/oss-security/2012/09/08/1
• http://www.openwall.com/lists/oss-security/2012/09/13/19
• http://www.openwall.com/lists/oss-security/2012/09/13/26
• http://www.openwall.com/lists/oss-security/2012/09/18/3
• http://www.securityfocus.com/bid/55556
• https://bugzilla.gnome.org/show_bug.cgi?id=684215
• https://bugzilla.novell.com/show_bug.cgi?id=779473
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-4000
https://notcve.org/view.php?id=CVE-2010-4000
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
• https://bugzilla.redhat.com/show_bug.cgi?id=644561
• CWE-264: Permissions, Privileges, and Access Controls