Skip to main content

Lightdm

7 CVEs product

Monthly

CVE-2015-8316 MEDIUM This Month

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Lightdm
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-8900 MEDIUM PATCH This Month

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Ubuntu Authentication Bypass Lightdm
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-7358 HIGH POC This Week

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Debian Lightdm Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
1.7%
CVE-2012-1111 MEDIUM POC This Month

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightdm
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-0943 LOW POC PATCH Monitor

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Debian Privilege Escalation Ubuntu Lightdm Ubuntu Linux
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-4331 LOW Monitor

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lightdm
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-4459 LOW POC Monitor

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Privilege Escalation Lightdm Ubuntu Linux
NVD
CVSS 2.0
3.3
EPSS
0.1%
EPSS 1% CVSS 5.9
MEDIUM This Month

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Lightdm
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Ubuntu Authentication Bypass Lightdm
NVD
EPSS 2% CVSS 7.3
HIGH POC This Week

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Debian Lightdm +1
NVD Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightdm
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Debian Privilege Escalation Ubuntu +2
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW Monitor

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lightdm
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Privilege Escalation Lightdm Ubuntu Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy