VYPR

ldm

by Ltsp

CVEs (2)

  • CVE-2019-20373Jan 9, 2020
    risk 0.00cvss epss 0.00

    LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.

  • CVE-2012-1166May 21, 2014
    risk 0.00cvss epss 0.05

    The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.