CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2011-1709
https://notcve.org/view.php?id=CVE-2011-1709
14 Jun 2011 — GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecución de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a través de vectores implican el tipo MIME x-scheme-handler/http. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2011-0727 – gdm: privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2011-0727
31 Mar 2011 — GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. GNOME Display Manager (GDM) v2.x anterior a v2.32.1 permite a usuarios locales cambiar el propietario de archivos arbitrarios mediante un ataque de enlace simbólico en un (1) DMRC o (2) fichero de icono en /var/cache/gdm/. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been f... • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news • CWE-59: Improper Link Resolution Before File Access ('Link Following') •