Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: November 4, 2020
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Related Resources (5)
Weakness Type (CWE)
Upgrade to version 0.19.0
|Attack Vector (AV):||LOCAL|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||LOW|
|User Interaction (UI):||NONE|
|Access Vector (AV):||LOCAL|
|Access Complexity (AC):||MEDIUM|