Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 20 results


CVE-2020-27837

Low priority
Vulnerable

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without...

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Not affected Vulnerable Vulnerable Not affected Not affected
Show less packages

CVE-2020-16125

Medium priority

Some fixes available 11 of 12

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with...

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2016-1000002

Low priority
Vulnerable

gdm3 3.14.2 and possibly later has an information leak before screen lock

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2019-3825

Medium priority

Some fixes available 14 of 15

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they...

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2018-14424

Medium priority

Some fixes available 14 of 15

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus...

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2017-12164

Medium priority
Fixed

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

1 affected packages

gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm3 Not affected
Show less packages

CVE-2015-7496

Medium priority
Ignored

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

2 affected packages

gdm, gdm3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm Not in release Not in release
gdm3 Not affected Not affected
Show less packages

CVE-2012-6648

Medium priority

Some fixes available 7 of 8

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier...

2 affected packages

gdm-guest-session, lightdm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm-guest-session
lightdm
Show less packages

CVE-2011-4970

Medium priority
Vulnerable

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2)...

2 affected packages

dpm, lcgdm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dpm Not in release Not in release Not in release Not in release Not in release
lcgdm Not in release Not in release Not in release Vulnerable Vulnerable
Show less packages

CVE-2013-7273

Medium priority
Ignored

GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.

1 affected packages

gdm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdm Not in release Not in release
Show less packages