CVE-2020-28049
- EPSS 0.04%
- Veröffentlicht 04.11.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:16
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attack...
CVE-2018-14345
- EPSS 0.26%
- Veröffentlicht 17.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:48:52
An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is...
CVE-2014-7271
- EPSS 0.09%
- Veröffentlicht 08.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
CVE-2014-7272
- EPSS 0.15%
- Veröffentlicht 08.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:16:39
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires...
CVE-2015-0856
- EPSS 0.17%
- Veröffentlicht 24.11.2015 20:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.