CVE-2025-26651

CVE-2025-26651 is a Windows Local Session Manager (LSM) denial-of-service vulnerability. An authorized attacker could trigger a network-based DoS by exploiting an exposed dangerous method/function in LSM. The issue is documented across multiple sources and is being addressed by Microsoft security...

Windows Local Session Manager (LSM) Denial of Service Vulnerability

Exposed dangerous method or function in Windows Local Session Manager LSM allows an authorized attacker to deny service over a network...

PT-2025-15503 · Microsoft · Windows Local Session Manager +1

Name of the Vulnerable Software and Affected Versions: Windows Local Session Manager LSM affected versions not specified Description: A denial-of-service issue exists, allowing an authorized attacker to deny service over a network by exploiting an exposed dangerous method or function in the Windo...

Application launch is stuck at the stage "Please wait for the Local Session Manager"

Application launch is stuck at the stage "Please wait for the Local Session Manager". Launch is initiated using FAS enabled storefront URL. No error message displayed to user. No credential prompt. The launch works fine when using storefront URL without FAS...

Astra Linux – Vulnerability in Plasma-Workspace

In KDE Plasma Workspaces also known as plasma-workspace, prior to versions 5.27.11.1 and 6.x, before version 6.0.5.1, connections were made via ICE, purely based on the host system. This means that all local connections were accepted. This allowed another user on the same machine to gain access t...

Slackware: Security Advisory (SSA:2024-240-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet MT6000 is a router.GL.iNet XE3000 is an intelligent router. A security vulnerability exists in several GL.iNet products. The vulnerability stems fro...

OESA-2024-1937 plasma-workspace security update

Plasma 5 libraries and runtime components Security Fixes: KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to...

VDA launch stuck at "Please wait for local session manager" for version 2303 or later

VDA launch may stuck at "Please wait for local session manager" after VDA 2303 or later...

KDE Plasma Workspaces: Privilege Escalation

Background KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. Description Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Impact KSmserver, KDE's XSMP manager,...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

DEBIAN-CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

USN-6843-1: Plasma Workspace vulnerability

Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code...

FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based...

MGASA-2024-0214 Updated plasma-workspace packages fix security vulnerability

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...

Updated plasma-workspace packages fix security vulnerability

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...