Sddm Project Sddm vulnerabilities

5 known vulnerabilities affecting sddm_project/sddm.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2020-28049 | MEDIUM | CVSS 6.3 | fixed in 0.19.0 | 2020-11-04
CWE-362: An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the cli
nvd
CVE-2018-14345 | HIGH | CVSS 7.5 | ≤ 0.17.0 | 2018-07-17
CWE-287: An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
nvd
CVE-2014-7272 | HIGH | CVSS 7.8 | fixed in 0.10.0 | 2018-03-08
CWE-264: Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
nvd
CVE-2014-7271 | HIGH | CVSS 7.8 | fixed in 0.10.0 | 2018-03-08
CWE-306: Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
nvd
CVE-2015-0856 | MEDIUM | CVSS 4.6 | ≤ 0.12.0 | 2015-11-24
CWE-264: daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
nvd