Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gdm
(Gnome)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-12-15 | CVE-2006-6105 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | Gdm | N/A | ||
| 2006-06-09 | CVE-2006-2452 | GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | Gdm | N/A | ||
| 2006-04-24 | CVE-2006-1057 | Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | Gdm | N/A | ||
| 2003-11-17 | CVE-2003-0794 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. | Gdm | N/A | ||
| 2003-11-17 | CVE-2003-0793 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | Gdm | N/A | ||
| 2003-08-27 | CVE-2003-0549 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | Gdm, Enterprise_linux, Kdebase, Linux_advanced_workstation | N/A | ||
| 2003-08-27 | CVE-2003-0548 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | Gdm, Enterprise_linux, Kdebase, Linux_advanced_workstation | N/A | ||
| 2003-08-27 | CVE-2003-0547 | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | Gdm, Kdebase | N/A | ||
| 2000-06-19 | CVE-2000-0504 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | Gdm, X, X11r6 | N/A | ||
| 2000-05-24 | CVE-2000-0491 | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | Openlinux, Gdm, Suse_linux | N/A |