Gnome Display Manager
By the Year
In 2024 there have been 0 vulnerabilities in Gnome Display Manager . Gnome Display Manager did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 6.60 |
| 2019 | 2 | 4.40 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Gnome Display Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gnome Display Manager Security Vulnerabilities
A flaw was found in GDM in versions prior to 3.38.2.1
CVE-2020-27837
6.4 - Medium
- December 28, 2020
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
Race Condition
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue
CVE-2020-16125
6.8 - Medium
- November 10, 2020
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
Improper Check for Unusual or Exceptional Conditions
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2016-1000002
2.4 - Low
- November 05, 2019
gdm3 3.14.2 and possibly later has an information leak before screen lock
Information Disclosure
A vulnerability was discovered in gdm before 3.31.4
CVE-2019-3825
6.4 - Medium
- February 06, 2019
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
authentification
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which
CVE-2018-14424
7.8 - High
- August 14, 2018
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gnome Display Manager or by GNOME? Click the Watch button to subscribe.
