CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-19358
https://notcve.org/view.php?id=CVE-2018-19358
18 Nov 2018 — GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. GNOME Keyring h... • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2012-3466
https://notcve.org/view.php?id=CVE-2012-3466
22 Oct 2012 — GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. GNOME gnome-keyring v3.4.0 hasta v3.4.1, cuando gpg-cache-method se establece en "idle" o "timeout", no limita correctamente la cantidad de tiempo que una contraseña se almacena en caché, lo que permite a los atacantes tener un impacto no especificado a través de vector... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655 • CWE-264: Permissions, Privileges, and Access Controls •