cbcvebase.

Debian Gdm3 vulnerabilities

8 known vulnerabilities affecting debian/gdm3.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3LOW2

Vulnerabilities

Page 1 of 1
CVE-2018-14424P3HIGHCVSS 7.8fixed in gdm3 3.28.2-4 (bookworm)2018
CVE-2018-14424 [HIGH] CVE-2018-14424: gdm3 - The daemon in GDM through 3.29.1 does not properly unexport display objects from... The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. Scope: local bookworm: resolved (fixed in 3.28.2-4) bullseye: resolve
debian
CVE-2015-7496P4HIGHCVSS 7.2fixed in gdm3 3.18.2-1 (bookworm)2015
CVE-2015-7496 [HIGH] CVE-2015-7496: gdm3 - GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers ... GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. Scope: local bookworm: resolved (fixed in 3.18.2-1) bullseye: resolved (fixed in 3.18.2-1) forky: resolved (fixed in 3.18.2-1) sid: resolved (fixed in 3.18.2-1) trixie: resolved (fixed in 3.18.2-1)
debian
CVE-2019-3825P4LOWCVSS 6.3fixed in gdm3 3.30.2-3 (bookworm)2019
CVE-2019-3825 [MEDIUM] CVE-2019-3825: gdm3 - A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled... A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. Scope: local bookworm: resolved (fixed in 3.30.2-3) bullseye: resolved (fixed in 3.30.2-3)
debian
CVE-2020-16125P4HIGHCVSS 7.2fixed in gdm3 3.38.2-1 (bookworm)2020
CVE-2020-16125 [HIGH] CVE-2020-16125: gdm3 - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 ca... gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. Scope: local bookworm: resolved (fixed in 3.38.2-1) bullseye: resol
debian
CVE-2020-27837P4MEDIUMCVSS 4.1fixed in gdm3 3.38.2.1-1 (bookworm)2020
CVE-2020-27837 [MEDIUM] CVE-2020-27837: gdm3 - A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the h... A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. Scope: local bookworm: resolved (fixed in 3.
debian
CVE-2017-12164P4MEDIUMCVSS 4.1fixed in gdm3 3.26.0-1 (bookworm)2017
CVE-2017-12164 [MEDIUM] CVE-2017-12164: gdm3 - A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ... A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. Scope: local bookworm: resolved (fixed in 3.26.0-1) bullseye: resolved (fixed in 3.26.0-1) forky: resolved (fixed in 3.26.0-1) sid: res
debian
CVE-2011-0727P4MEDIUMCVSS 6.9fixed in gdm3 2.30.5-9 (bookworm)2011
CVE-2011-0727 [MEDIUM] CVE-2011-0727: gdm3 - GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the o... GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. Scope: local bookworm: resolved (fixed in 2.30.5-9) bullseye: resolved (fixed in 2.30.5-9) forky: resolved (fixed in 2.30.5-9) sid: resolved (fixed in 2.30.5-9) trixie: resolved (fixe
debian
CVE-2013-7273P4LOWCVSS 2.1fixed in gdm3 3.8.3-1 (bookworm)2013
CVE-2013-7273 [LOW] CVE-2013-7273: gdm3 - GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to ... GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. Scope: local bookworm: resolved (fixed in 3.8.3-1) bullseye: resolved (fixed in 3.8.3-1) forky: resolved (fixed in 3.8.3-1) sid: resolved (fixed in 3.8.3-1) trixie:
debian
Debian Gdm3 vulnerabilities | cvebase