Every CVE whose affected-product data names Gnome Gdm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2000-0491 — CVSS 10.0 (critical): Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a…
CVE-2011-1709 — CVSS 7.2 (high): GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account…
CVE-2011-0727 — CVSS 6.9 (medium): GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1)…
CVE-2009-2697 — CVSS 6.8 (medium): The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper…
CVE-2003-0548 — CVSS 5.0 (medium): The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash)…
CVE-2003-0549 — CVSS 5.0 (medium): The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash)…
CVE-2000-0504 — CVSS 5.0 (medium): libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the…
CVE-2006-6105 — CVSS 4.3 (medium): Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute…
CVE-2006-1057 — CVSS 3.7 (low): Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown…
CVE-2006-2452 — CVSS 3.7 (low): GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager"…
CVE-2003-0794 — CVSS 2.1 (low): GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket…
CVE-2003-0547 — CVSS 2.1 (low): GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the…
CVE-2003-0793 — CVSS 2.1 (low): GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of…
CVE-1999-0990 — CVSS 2.1 (low): Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
CVE-2007-3381 — CVSS 1.5 (low): The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not…