Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lightdm vulnerabilities and exploits
(subscribe to this query)
695
VMScore
CVE-2017-7358
In LightDM up to and including 1.22.0, a directory traversal issue in debian/guest-account.sh allows local malicious users to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Lightdm Project Lightdm
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 16.04
1 EDB exploit
641
VMScore
CVE-2011-3349
lightdm prior to 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
Lightdm Project Lightdm
614
VMScore
CVE-2017-6590
An issue exists in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The explo...
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
409
VMScore
CVE-2012-1111
lightdm prior to 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
Robert Ancell Lightdm 1.0.4
Robert Ancell Lightdm 1.0.2
Robert Ancell Lightdm 0.9.6
Robert Ancell Lightdm 0.9.4
Robert Ancell Lightdm 0.4.4
Robert Ancell Lightdm 0.4.2
Robert Ancell Lightdm 0.3.2
Robert Ancell Lightdm 0.3.0
Robert Ancell Lightdm 0.1.0
Robert Ancell Lightdm 0.0.3
Robert Ancell Lightdm
Robert Ancell Lightdm 1.0.6
Robert Ancell Lightdm 0.9.3
Robert Ancell Lightdm 0.9.2
Robert Ancell Lightdm 0.9.1
Robert Ancell Lightdm 0.9.0
Robert Ancell Lightdm 0.2.2
Robert Ancell Lightdm 0.2.1
Robert Ancell Lightdm 0.2.0
Robert Ancell Lightdm 0.1.2
Robert Ancell Lightdm 1.0.10
Robert Ancell Lightdm 1.0.1
383
VMScore
CVE-2015-8316
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x prior to 1.16.6 when the XDMCP server is enabled allows remote malicious users to cause a denial of service (process crash) via an XDMCP request packet with no address.
Lightdm Project Lightdm 1.16.4
Lightdm Project Lightdm 1.14.3
Lightdm Project Lightdm 1.16.3
Lightdm Project Lightdm 1.16.2
Lightdm Project Lightdm 1.16.1
Lightdm Project Lightdm 1.16
294
VMScore
CVE-2013-4459
LightDM 1.7.5 up to and including 1.8.3 and 1.9.x prior to 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
Robert Ancell Lightdm 1.7.12
Robert Ancell Lightdm 1.7.11
Robert Ancell Lightdm 1.7.10
Robert Ancell Lightdm 1.7.9
Robert Ancell Lightdm 1.9.0
Robert Ancell Lightdm 1.8.3
Robert Ancell Lightdm 1.7.15
Robert Ancell Lightdm 1.7.13
Robert Ancell Lightdm 1.7.8
Robert Ancell Lightdm 1.7.6
Robert Ancell Lightdm 1.8.2
Robert Ancell Lightdm 1.8.1
Robert Ancell Lightdm 1.8.0
Robert Ancell Lightdm 1.7.18
Robert Ancell Lightdm 1.7.17
Robert Ancell Lightdm 1.9.1
Robert Ancell Lightdm 1.7.16
Robert Ancell Lightdm 1.7.14
Robert Ancell Lightdm 1.7.7
Robert Ancell Lightdm 1.7.5
Canonical Ubuntu Linux 13.10
215
VMScore
CVE-2012-0943
debian/guest-account in Light Display Manager (lightdm) 1.0.x prior to 1.0.6 and 1.1.x prior to 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to diffe...
Robert Ancell Lightdm 1.0.2
Robert Ancell Lightdm 1.0.1
Robert Ancell Lightdm 1.0.0
Robert Ancell Lightdm 1.1.6
Robert Ancell Lightdm 1.1.5
Robert Ancell Lightdm 1.1.0
Canonical Ubuntu Linux 11.10
Robert Ancell Lightdm 1.0.5
Robert Ancell Lightdm 1.0.3
Robert Ancell Lightdm 1.1.3
Robert Ancell Lightdm 1.1.1
Robert Ancell Lightdm 1.0.4
Robert Ancell Lightdm 1.1.4
Robert Ancell Lightdm 1.1.2
1 EDB exploit
187
VMScore
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
187
VMScore
CVE-2017-8900
LightDM up to and including 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate malicious users to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Lightdm Project Lightdm
187
VMScore
CVE-2013-4331
Light Display Manager (aka LightDM) 1.4.x prior to 1.4.3, 1.6.x prior to 1.6.2, and 1.7.x prior to 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.
Robert Ancell Lightdm 1.7.1
Robert Ancell Lightdm 1.7.11
Robert Ancell Lightdm 1.7.6
Robert Ancell Lightdm 1.7.8
Robert Ancell Lightdm 1.4.1
Robert Ancell Lightdm 1.7.9
Robert Ancell Lightdm 1.6.0
Robert Ancell Lightdm 1.6.1
Robert Ancell Lightdm 1.4.0
Robert Ancell Lightdm 1.7.13
Robert Ancell Lightdm 1.7.2
Robert Ancell Lightdm 1.7.3
Robert Ancell Lightdm 1.7.4
Robert Ancell Lightdm 1.7.0
Robert Ancell Lightdm 1.7.10
Robert Ancell Lightdm 1.7.12
Robert Ancell Lightdm 1.7.5
Robert Ancell Lightdm 1.7.7
Robert Ancell Lightdm 1.4.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »