Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by sddm_project

    CVE-2020-28049 (GCVE-0-2020-28049)

    Vulnerability from cvelistv5 – Published: 2020-11-04 00:00 – Updated: 2024-10-15 18:10
    VLAI
    Summary
    An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:56.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/releases"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog"
              },
              {
                "name": "DSA-4783",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4783"
              },
              {
                "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html"
              },
              {
                "name": "openSUSE-SU-2020:1870",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html"
              },
              {
                "name": "FEDORA-2021-7066b95c99",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/"
              },
              {
                "name": "GLSA-202402-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-28049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:16:10.736062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:10:25.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-03T07:06:30.199Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sddm/sddm/releases"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049"
            },
            {
              "url": "https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog"
            },
            {
              "name": "DSA-4783",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4783"
            },
            {
              "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2020:1870",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html"
            },
            {
              "name": "FEDORA-2021-7066b95c99",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/"
            },
            {
              "name": "GLSA-202402-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28049",
        "datePublished": "2020-11-04T00:00:00.000Z",
        "dateReserved": "2020-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-15T18:10:25.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14345 (GCVE-0-2018-14345)

    Vulnerability from cvelistv5 – Published: 2018-07-17 14:00 – Updated: 2024-09-17 01:31
    VLAI
    Summary
    An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:21:41.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-17T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14345",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1101450",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
                },
                {
                  "name": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14345",
        "datePublished": "2018-07-17T14:00:00.000Z",
        "dateReserved": "2018-07-17T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:46.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7272 (GCVE-0-2014-7272)

    Vulnerability from cvelistv5 – Published: 2018-03-08 20:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/pull/280"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
              },
              {
                "name": "FEDORA-2014-12442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
              },
              {
                "name": "FEDORA-2014-12308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
              },
              {
                "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-08T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/pull/280"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
            },
            {
              "name": "FEDORA-2014-12442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
            },
            {
              "name": "FEDORA-2014-12308",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
            },
            {
              "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sddm/sddm/pull/280",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/pull/280"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
                },
                {
                  "name": "FEDORA-2014-12442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
                },
                {
                  "name": "FEDORA-2014-12308",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
                },
                {
                  "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7272",
        "datePublished": "2018-03-08T20:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7271 (GCVE-0-2014-7271)

    Vulnerability from cvelistv5 – Published: 2018-03-08 20:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70767"
              },
              {
                "name": "sddm-cve20147271-sec-bypass(98421)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/pull/279/files"
              },
              {
                "name": "FEDORA-2014-12442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
              },
              {
                "name": "FEDORA-2014-12308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
              },
              {
                "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-08T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70767",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70767"
            },
            {
              "name": "sddm-cve20147271-sec-bypass(98421)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/pull/279/files"
            },
            {
              "name": "FEDORA-2014-12442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
            },
            {
              "name": "FEDORA-2014-12308",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
            },
            {
              "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70767",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70767"
                },
                {
                  "name": "sddm-cve20147271-sec-bypass(98421)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
                },
                {
                  "name": "https://github.com/sddm/sddm/pull/279/files",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/pull/279/files"
                },
                {
                  "name": "FEDORA-2014-12442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
                },
                {
                  "name": "FEDORA-2014-12308",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
                },
                {
                  "name": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
                },
                {
                  "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7271",
        "datePublished": "2018-03-08T20:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0856 (GCVE-0-2015-0856)

    Vulnerability from cvelistv5 – Published: 2015-11-24 20:00 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "77099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77099"
              },
              {
                "name": "FEDORA-2015-9f996ea146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
              },
              {
                "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-24T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "77099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77099"
            },
            {
              "name": "FEDORA-2015-9f996ea146",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
            },
            {
              "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "77099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77099"
                },
                {
                  "name": "FEDORA-2015-9f996ea146",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
                },
                {
                  "name": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
                },
                {
                  "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
                },
                {
                  "name": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0856",
        "datePublished": "2015-11-24T20:00:00.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28049 (GCVE-0-2020-28049)

    Vulnerability from nvd – Published: 2020-11-04 00:00 – Updated: 2024-10-15 18:10
    VLAI
    Summary
    An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:56.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/releases"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog"
              },
              {
                "name": "DSA-4783",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4783"
              },
              {
                "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html"
              },
              {
                "name": "openSUSE-SU-2020:1870",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html"
              },
              {
                "name": "FEDORA-2021-7066b95c99",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/"
              },
              {
                "name": "GLSA-202402-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-28049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:16:10.736062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:10:25.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-03T07:06:30.199Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sddm/sddm/releases"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049"
            },
            {
              "url": "https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog"
            },
            {
              "name": "DSA-4783",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4783"
            },
            {
              "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2020:1870",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html"
            },
            {
              "name": "FEDORA-2021-7066b95c99",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/"
            },
            {
              "name": "GLSA-202402-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28049",
        "datePublished": "2020-11-04T00:00:00.000Z",
        "dateReserved": "2020-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-15T18:10:25.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14345 (GCVE-0-2018-14345)

    Vulnerability from nvd – Published: 2018-07-17 14:00 – Updated: 2024-09-17 01:31
    VLAI
    Summary
    An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:21:41.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-17T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14345",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1101450",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1101450"
                },
                {
                  "name": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14345",
        "datePublished": "2018-07-17T14:00:00.000Z",
        "dateReserved": "2018-07-17T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:46.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7272 (GCVE-0-2014-7272)

    Vulnerability from nvd – Published: 2018-03-08 20:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/pull/280"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
              },
              {
                "name": "FEDORA-2014-12442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
              },
              {
                "name": "FEDORA-2014-12308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
              },
              {
                "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-08T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/pull/280"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
            },
            {
              "name": "FEDORA-2014-12442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
            },
            {
              "name": "FEDORA-2014-12308",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
            },
            {
              "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sddm/sddm/pull/280",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/pull/280"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"
                },
                {
                  "name": "FEDORA-2014-12442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
                },
                {
                  "name": "FEDORA-2014-12308",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
                },
                {
                  "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7272",
        "datePublished": "2018-03-08T20:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7271 (GCVE-0-2014-7271)

    Vulnerability from nvd – Published: 2018-03-08 20:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70767"
              },
              {
                "name": "sddm-cve20147271-sec-bypass(98421)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/pull/279/files"
              },
              {
                "name": "FEDORA-2014-12442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
              },
              {
                "name": "FEDORA-2014-12308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
              },
              {
                "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-08T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70767",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70767"
            },
            {
              "name": "sddm-cve20147271-sec-bypass(98421)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/pull/279/files"
            },
            {
              "name": "FEDORA-2014-12442",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
            },
            {
              "name": "FEDORA-2014-12308",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
            },
            {
              "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70767",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70767"
                },
                {
                  "name": "sddm-cve20147271-sec-bypass(98421)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98421"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149608"
                },
                {
                  "name": "https://github.com/sddm/sddm/pull/279/files",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/pull/279/files"
                },
                {
                  "name": "FEDORA-2014-12442",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"
                },
                {
                  "name": "FEDORA-2014-12308",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"
                },
                {
                  "name": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/wiki/0.10.0-Release-Announcement"
                },
                {
                  "name": "[oss-security] 20141006 Re: various sddm vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7271",
        "datePublished": "2018-03-08T20:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0856 (GCVE-0-2015-0856)

    Vulnerability from nvd – Published: 2015-11-24 20:00 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "77099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77099"
              },
              {
                "name": "FEDORA-2015-9f996ea146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
              },
              {
                "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-11-24T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "77099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77099"
            },
            {
              "name": "FEDORA-2015-9f996ea146",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
            },
            {
              "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "77099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77099"
                },
                {
                  "name": "FEDORA-2015-9f996ea146",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html"
                },
                {
                  "name": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement"
                },
                {
                  "name": "[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/14/2"
                },
                {
                  "name": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0856",
        "datePublished": "2015-11-24T20:00:00.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }