This page lists publicly disclosed CVE vulnerabilities affecting sddm_project sddm (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | [email protected] | 6.3 | 0.41% | 2020-11-04 | 2026-06-16 |
| CVE-2018-14345 | An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp. | [email protected] | 7.5 | 1.02% | 2018-07-17 | 2026-06-16 |
| CVE-2014-7272 | Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). | [email protected] | 7.8 | 0.40% | 2018-03-08 | 2026-06-16 |
| CVE-2014-7271 | Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | [email protected] | 7.8 | 0.42% | 2018-03-08 | 2026-06-16 |
| CVE-2015-0856 | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | [email protected] | 4.6 | 0.41% | 2015-11-24 | 2026-06-16 |