VYPR
Vendor

Sddm Project

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2014-7272HigMar 8, 2018
    risk 0.44cvss 7.8epss 0.00

    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race…

  • CVE-2014-7271HigMar 8, 2018
    risk 0.44cvss 7.8epss 0.00

    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

  • CVE-2018-14345HigJul 17, 2018
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to…

  • CVE-2020-28049Nov 4, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server…

  • CVE-2015-0856Nov 24, 2015
    risk 0.00cvss epss 0.00

    daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.