Sddm Project

sddm_project

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28049 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 21, 2024 Nov 4, 2020 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper...Show more An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.Show less
CVE-2018-14345 1Sddm Project 1Sddm Nov 21, 2024 Jul 17, 2018 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock...Show more An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.Show less
CVE-2014-7272 2Fedoraproject Sddm Project 2Fedora Sddm Nov 21, 2024 Mar 8, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in...Show more Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).Show less
CVE-2014-7271 2Fedoraproject Sddm Project 2Fedora Sddm Nov 21, 2024 Mar 8, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
CVE-2015-0856 2Fedoraproject Sddm Project 2Fedora Sddm May 6, 2026 Nov 24, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspa...Show more daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.Show less