CVE-2014-3203

Unity before 7.2.1 (as used in Ubuntu 14.04) has a vulnerability where the Dash can be accessed while the lock screen is active, allowing physically proximate attackers to bypass the lock screen and run arbitrary commands by pressing the SUPER key before auto-lock. Root cause: insufficient restri...

CVE-2014-3204

Unity before 7.2.1, as used in Ubuntu 14.04, is vulnerable to local bypass of the lock screen. The issue arises when a user right-clicks the indicator bar and then presses ALT+F2, enabling a physically proximate attacker to bypass the lock screen and execute arbitrary commands. Affected component...

CVE-2014-5195

Unity components used in Ubuntu (before 7.2.3 and 7.3.x before 7.3.1) fail to grab keyboard focus when switching to the lock screen, enabling a local attacker to bypass the lock screen under scenarios such as text being selected at lock or resuming from suspend. Affected: Unity lock-screen focus ...

CVE-2014-3202

Unity before 7.2.1 improperly handles entry activation, allowing physically proximate attackers to bypass the lock screen by holding ENTER, causing the process to crash. Affected: Unity; root cause: incorrect handling of entry activation; impact: local bypass of lock screen and crash. Remediation...