SDDM Project SDDM (Simple Desktop Display Manager) 0.9.0

CPE Details

SDDM Project SDDM (Simple Desktop Display Manager) 0.9.0
sddm_project
sddm
0.9.0
2019-06-14
09h58 +00:00
2019-06-14
09h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sddm_project:sddm:0.9.0:*:*:*:*:*:*:*

Informations

Vendor

sddm_project

Product

sddm

Version

0.9.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-28049 2020-11-03 23h00 +00:00 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
6.3
Medium
CVE-2018-14345 2018-07-17 14h00 +00:00 An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
7.5
High
CVE-2014-7271 2018-03-08 19h00 +00:00 Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
7.8
High
CVE-2014-7272 2018-03-08 19h00 +00:00 Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
7.8
High
CVE-2015-0856 2015-11-24 19h00 +00:00 daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
4.6
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.