Gnome Gnome Display Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Gnome Gnome Display Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2018-14424 — CVSS 7.8 (high): The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows…
CVE-2015-7496 — CVSS 7.2 (high): GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
CVE-2020-16125 — CVSS 7.2 (high): gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely…
CVE-2013-4169 — CVSS 6.9 (medium): GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on…
CVE-2020-27837 — CVSS 6.4 (medium): A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the…
CVE-2019-3825 — CVSS 6.3 (medium): A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen…
CVE-2017-12164 — CVSS 4.1 (medium): A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled…
CVE-2013-7273 — CVSS 2.1 (low): GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service…
CVE-2010-2387 — CVSS 1.9 (low): vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when…