Vulnerabilities > Gnome > GDM > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-07 | CVE-2007-3381 | Improper Input Validation vulnerability in Gnome GDM The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | 1.5 |
2006-06-09 | CVE-2006-2452 | Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | 3.7 |
2006-04-25 | CVE-2006-1057 | Race Condition vulnerability in Gnome GDM 2.14 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | 3.7 |
2003-11-17 | CVE-2003-0793 | Local Denial Of Service vulnerability in Multiple GDM GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | 2.1 |
2003-11-17 | CVE-2003-0794 | Local Denial Of Service vulnerability in Multiple GDM GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. | 2.1 |
2003-08-27 | CVE-2003-0547 | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | 2.1 |
1999-12-05 | CVE-1999-0990 | Unspecified vulnerability in Gnome GDM 2.0Beta4 Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. | 2.1 |