Search criteria
4 vulnerabilities by xscreensaver_project
CVE-2021-34557 (GCVE-0-2021-34557)
Vulnerability from cvelistv5 – Published: 2021-06-10 15:54 – Updated: 2024-08-04 00:12
VLAI?
Summary
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T02:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/QubesOS/qubes-issues/issues/6595",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/06/05/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"name": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34557",
"datePublished": "2021-06-10T15:54:35",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-08-04T00:12:50.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31523 (GCVE-0-2021-31523)
Vulnerability from cvelistv5 – Published: 2021-04-21 18:41 – Updated: 2024-08-03 23:03
VLAI?
Summary
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-21T20:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/17/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31523",
"datePublished": "2021-04-21T18:41:23",
"dateReserved": "2021-04-21T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2187 (GCVE-0-2011-2187)
Vulnerability from cvelistv5 – Published: 2019-11-27 17:28 – Updated: 2024-08-06 22:53
VLAI?
Summary
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
Severity ?
No CVSS data available.
CWE
- exits when activated (DPMSForceLevel)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xscreensaver | xscreensaver |
Affected:
before 5.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xscreensaver",
"vendor": "xscreensaver",
"versions": [
{
"status": "affected",
"version": "before 5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "exits when activated (DPMSForceLevel)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T17:28:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xscreensaver",
"version": {
"version_data": [
{
"version_value": "before 5.14"
}
]
}
}
]
},
"vendor_name": "xscreensaver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "exits when activated (DPMSForceLevel)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2187",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-2187",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"name": "https://www.jwz.org/xscreensaver/changelog.html",
"refsource": "MISC",
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2187",
"datePublished": "2019-11-27T17:28:08",
"dateReserved": "2011-05-31T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8025 (GCVE-0-2015-8025)
Vulnerability from cvelistv5 – Published: 2015-11-10 16:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/",
"refsource": "CONFIRM",
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"name": "https://twitter.com/Thaolia/status/656823859304398848",
"refsource": "MISC",
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8025",
"datePublished": "2015-11-10T16:00:00",
"dateReserved": "2015-10-29T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}