Vulnerabilities > Sddm Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-04 | CVE-2020-28049 | Race Condition vulnerability in multiple products An issue was discovered in SDDM before 0.19.0. | 6.3 |
| 2018-07-17 | CVE-2018-14345 | Improper Authentication vulnerability in Sddm Project Sddm An issue was discovered in SDDM through 0.17.0. | 6.0 |
| 2018-03-08 | CVE-2014-7272 | Permissions, Privileges, and Access Controls vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). | 7.2 |
| 2018-03-08 | CVE-2014-7271 | Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | 4.6 |
| 2015-11-24 | CVE-2015-0856 | Permissions, Privileges, and Access Controls vulnerability in multiple products daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | 4.6 |