
CVE-2020-28049 – Gentoo Linux Security Advisory 202402-02
https://notcve.org/view.php?id=CVE-2020-28049
04 Nov 2020 — An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2018-14345
https://notcve.org/view.php?id=CVE-2018-14345
17 Jul 2018 — An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp. • https://bugzilla.suse.com/show_bug.cgi?id=1101450 • CWE-287: Improper Authentication • CWE-613: Insufficient Session Expiration

CVE-2014-7271
https://notcve.org/view.php?id=CVE-2014-7271
08 Mar 2018 — Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html • CWE-306: Missing Authentication for Critical Function

CVE-2014-7272
https://notcve.org/view.php?id=CVE-2014-7272
08 Mar 2018 — Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-0856
https://notcve.org/view.php?id=CVE-2015-0856
24 Nov 2015 — daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html • CWE-264: Permissions, Privileges, and Access Controls