Vulnerabilities > Gnome > Gnome Display Manager

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-27837 Race Condition vulnerability in Gnome Display Manager
A flaw was found in GDM in versions prior to 3.38.2.1.
local
gnome CWE-362
4.4
2020-11-10 CVE-2020-16125 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
local
low complexity
gnome CWE-754
4.6
2019-11-05 CVE-2016-1000002 Information Exposure vulnerability in multiple products
gdm3 3.14.2 and possibly later has an information leak before screen lock
local
low complexity
gnome redhat debian opensuse CWE-200
2.1
2019-02-06 CVE-2019-3825 Improper Authentication vulnerability in multiple products
A vulnerability was discovered in gdm before 3.31.4.
6.9
2018-08-14 CVE-2018-14424 Use After Free vulnerability in Gnome Display Manager
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
local
low complexity
gnome CWE-416
4.6
2018-07-26 CVE-2017-12164 Improper Initialization vulnerability in Gnome Display Manager 3.24.1
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin.
local
gnome CWE-665
6.9
2015-11-24 CVE-2015-7496 Permissions, Privileges, and Access Controls vulnerability in multiple products
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
local
low complexity
fedoraproject gnome CWE-264
7.2
2014-04-29 CVE-2013-7273 Unspecified vulnerability in Gnome Display Manager
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
local
low complexity
gnome
2.1
2013-09-10 CVE-2013-4169 Link Following vulnerability in Gnome Display Manager
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
local
gnome CWE-59
6.9
2012-12-21 CVE-2010-2387 Credentials Management vulnerability in Gnome Display Manager
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
local
gnome CWE-255
1.9