Lucene search

[email protected]CVE-2012-1620

HistoryJul 12, 2012 - 7:55 p.m.

CVE-2012-1620

2012-07-1219:55:00

CWE-264

[email protected]

web.nvd.nist.gov

slock

xraisewindow

vulnerability

nvd

cve-2012-1620

6.1 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.

CPENameOperatorVersion
suckless:slocksuckless slockeq0.9

CPE	Name	Operator	Version
suckless:slock	suckless slock	eq	0.9

References

hg.suckless.org/slock/rev/891a4984aba6

secunia.com/advisories/48700

www.openwall.com/lists/oss-security/2012/04/06/1

www.openwall.com/lists/oss-security/2012/04/06/2

www.osvdb.org/81035

www.securityfocus.com/bid/52922

bugs.gentoo.org/show_bug.cgi?id=401645

bugzilla.redhat.com/show_bug.cgi?id=786310

exchange.xforce.ibmcloud.com/vulnerabilities/74666

6.1 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for CVE-2012-1620

debiancve1 prion1 openvas5 fedora2 gentoo1 nessus1