Suckless Security Vulnerabilities

CVE-2016-6866

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and...

CVE-2012-0842

surf: cookie jar has read access from other local...

CVE-2012-1620

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active...