Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sddm Project | First view | 2015-11-24 |
| Product | Sddm | Last view | 2020-11-04 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:* | 5 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.3 | 2020-11-04 | CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. |
| 7.5 | 2018-07-17 | CVE-2018-14345 | An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp. |
| 7.8 | 2018-03-08 | CVE-2014-7272 | Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). |
| 7.8 | 2018-03-08 | CVE-2014-7271 | Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. |
| 4.6 | 2015-11-24 | CVE-2015-0856 | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-613 | Insufficient Session Expiration |
| 16% (1) | CWE-362 | Race Condition |
| 16% (1) | CWE-306 | Missing Authentication for Critical Function |
| 16% (1) | CWE-287 | Improper Authentication |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-09-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_f00acdecb59f11e8805d001e2a3f778d.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-9f996ea146.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-b15b90eeaa.nasl - Type: ACT_GATHER_INFO |
| 2014-10-31 | Name: The remote Fedora host is missing a security update. File: fedora_2014-12442.nasl - Type: ACT_GATHER_INFO |
| 2014-10-29 | Name: The remote Fedora host is missing a security update. File: fedora_2014-12308.nasl - Type: ACT_GATHER_INFO |
