Lucene search

K

[email protected]NVD:CVE-2013-1940

HistoryMay 13, 2013 - 11:55 p.m.

CVE-2013-1940

2013-05-1323:55:01

CWE-264

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.2%

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Affected configurations

NVD

Node

xx.org-xserverRange≤1.13.3

OR

xx.org-xserverMatch1.4.0

Node

canonicalubuntu_linuxMatch11.04

OR

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04-lts

OR

canonicalubuntu_linuxMatch12.10

References

lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html

lists.opensuse.org/opensuse-updates/2013-06/msg00015.html

www.debian.org/security/2013/dsa-2661

www.openwall.com/lists/oss-security/2013/04/18/3

www.ubuntu.com/usn/USN-1803-1

bugs.freedesktop.org/show_bug.cgi?id=63353

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.2%

Related for NVD:CVE-2013-1940

nessus16 openvas17 ubuntu1 cvelist1 slackware1 fedora3 debiancve1 veracode1 prion1 cve1 redhat1 securityvulns2 centos1 ubuntucve1 amazon1 debian1 oraclelinux1 gentoo1