Sddm
Monthly
An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
An issue was discovered in SDDM through 0.17.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.
An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
An issue was discovered in SDDM through 0.17.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.