SDDM Project SDDM (Simple Desktop Display Manager) 0.15.0

CPE Details

SDDM Project SDDM (Simple Desktop Display Manager) 0.15.0
sddm_project
sddm
0.15.0
2019-06-14
09h58 +00:00
2019-06-14
09h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sddm_project:sddm:0.15.0:*:*:*:*:*:*:*

Informations

Vendor

sddm_project

Product

sddm

Version

0.15.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-28049 2020-11-03 23h00 +00:00 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
6.3
Medium
CVE-2018-14345 2018-07-17 14h00 +00:00 An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.