lightdm vulnerabilities and exploits
7.8
CVSSv3
CVE-2011-3349
lightdm prior to 0.9.6 writes to .dmrc and Xauthority files using root permissions while the files are in user-controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
Lightdm Project Lightdm
7.8
CVSSv3
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
7.3
CVSSv3
CVE-2017-7358
In LightDM up to and including 1.22.0, a directory traversal issue in debian/guest-account.sh allows local malicious users to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Lightdm Project Lightdm
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 16.04
1 EDB exploit
7
CVSSv3
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
6.3
CVSSv3
CVE-2017-6590
An issue exists in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The explo...
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
5.9
CVSSv3
CVE-2015-8316
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x prior to 1.16.6 when the XDMCP server is enabled allows remote malicious users to cause a denial of service (process crash) via an XDMCP request packet with no address.
Lightdm Project Lightdm 1.16.4
Lightdm Project Lightdm 1.14.3
Lightdm Project Lightdm 1.16.3
Lightdm Project Lightdm 1.16.2
Lightdm Project Lightdm 1.16.1
Lightdm Project Lightdm 1.16
4.6
CVSSv3
CVE-2017-8900
LightDM up to and including 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate malicious users to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Lightdm Project Lightdm
NA
CVE-2012-1111
lightdm prior to 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
Robert Ancell Lightdm 1.0.4
Robert Ancell Lightdm 1.0.2
Robert Ancell Lightdm 0.9.6
Robert Ancell Lightdm 0.9.4
Robert Ancell Lightdm 0.4.4
Robert Ancell Lightdm 0.4.2
Robert Ancell Lightdm 0.3.2
Robert Ancell Lightdm 0.3.0
Robert Ancell Lightdm 0.1.0
Robert Ancell Lightdm 0.0.3
Robert Ancell Lightdm
Robert Ancell Lightdm 1.0.6
Robert Ancell Lightdm 0.9.3
Robert Ancell Lightdm 0.9.2
Robert Ancell Lightdm 0.9.1
Robert Ancell Lightdm 0.9.0
Robert Ancell Lightdm 0.2.2
Robert Ancell Lightdm 0.2.1
Robert Ancell Lightdm 0.2.0
Robert Ancell Lightdm 0.1.2
Robert Ancell Lightdm 1.0.10
Robert Ancell Lightdm 1.0.1
NA
CVE-2012-0943
debian/guest-account in Light Display Manager (lightdm) 1.0.x prior to 1.0.6 and 1.1.x prior to 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to diffe...
Robert Ancell Lightdm 1.0.2
Robert Ancell Lightdm 1.0.1
Robert Ancell Lightdm 1.0.0
Robert Ancell Lightdm 1.1.6
Robert Ancell Lightdm 1.1.5
Robert Ancell Lightdm 1.1.0
Canonical Ubuntu Linux 11.10
Robert Ancell Lightdm 1.0.5
Robert Ancell Lightdm 1.0.3
Robert Ancell Lightdm 1.1.3
Robert Ancell Lightdm 1.1.1
Robert Ancell Lightdm 1.0.4
Robert Ancell Lightdm 1.1.4
Robert Ancell Lightdm 1.1.2
1 EDB exploit
NA
CVE-2011-3153
dmrc.c in Light Display Manager (aka LightDM) prior to 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
Canonical Ubuntu Linux 11.10
Robert Ancell Lightdm 1.0.6
Robert Ancell Lightdm 1.0.4
Robert Ancell Lightdm 0.9.8
Robert Ancell Lightdm 0.9.6
Robert Ancell Lightdm 0.9.1
Robert Ancell Lightdm 1.0.2
Robert Ancell Lightdm 1.0.11
Robert Ancell Lightdm 1.0.10
Robert Ancell Lightdm 1.0.1
Robert Ancell Lightdm 0.4.1
Robert Ancell Lightdm 0.4.0
Robert Ancell Lightdm 0.3.6
Robert Ancell Lightdm 0.3.5
Robert Ancell Lightdm 0.0.4
Robert Ancell Lightdm 0.0.3
Robert Ancell Lightdm 0.0.2
Robert Ancell Lightdm 0.0.1
Robert Ancell Lightdm 1.0.5
Robert Ancell Lightdm 1.0.3
Robert Ancell Lightdm 1.0.0
Robert Ancell Lightdm 0.9.7