VulnerableCode Package Details - pkg:deb/ubuntu/gdm3@3.29.90-2ubuntu1

Search for packages

Package details: pkg:deb/ubuntu/gdm3@3.29.90-2ubuntu1

Essentials
History (0)

purl	pkg:deb/ubuntu/gdm3@3.29.90-2ubuntu1

Next non-vulnerable version	3.36.3-0ubuntu0.20.04.2
Latest non-vulnerable version	3.36.3-0ubuntu0.20.04.2
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-5czt-7amb-aaan Aliases: CVE-2018-14424	The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.	3.29.91-1ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-puky-1tyt-aaah Aliases: CVE-2020-16125	gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.	3.36.3-0ubuntu0.20.04.2 Affected by 0 other vulnerabilities.
VCID-z8hh-resj-aaaf Aliases: CVE-2019-3825	A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.	3.31.4+git20190225-1ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version