Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-05
Updated
2022-08-17
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-08-27
Updated
2017-10-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-17
Updated
2017-07-11
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-17
Updated
2017-07-11
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-10-05
Updated
2017-07-11
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Max CVSS
2.6
EPSS Score
0.59%
Published
2005-05-20
Updated
2018-10-03
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
Max CVSS
2.6
EPSS Score
0.87%
Published
2006-06-02
Updated
2010-04-02
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Max CVSS
2.1
EPSS Score
0.09%
Published
2007-01-24
Updated
2022-02-07
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-12-17
Updated
2012-10-31
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-05-14
Updated
2009-05-23
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-12-23
Updated
2017-09-19
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-06-14
Updated
2021-11-02
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-09-02
Updated
2012-01-19
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-06-07
Updated
2017-08-29
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-04-29
Updated
2014-04-30
gdm3 3.14.2 and possibly later has an information leak before screen lock
Max CVSS
2.4
EPSS Score
0.10%
Published
2019-11-05
Updated
2020-08-18
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!