Lucene search

[email protected]CVE-2012-1620

HistoryJul 12, 2012 - 7:55 p.m.

CVE-2012-1620

2012-07-1219:55:05

CWE-264

[email protected]

web.nvd.nist.gov

slock

xraisewindow

vulnerability

nvd

cve-2012-1620

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.

Affected configurations

NVD

Node

sucklessslockMatch0.9

VendorProductVersionCPE
sucklessslock0.9cpe:/a:suckless:slock:0.9:::

Vendor	Product	Version	CPE
suckless	slock	0.9	cpe:/a:suckless:slock:0.9:::

References

hg.suckless.org/slock/rev/891a4984aba6

secunia.com/advisories/48700

www.openwall.com/lists/oss-security/2012/04/06/1

www.openwall.com/lists/oss-security/2012/04/06/2

www.osvdb.org/81035

www.securityfocus.com/bid/52922

bugs.gentoo.org/show_bug.cgi?id=401645

bugzilla.redhat.com/show_bug.cgi?id=786310

exchange.xforce.ibmcloud.com/vulnerabilities/74666

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for CVE-2012-1620

cvelist1 debiancve1 nvd1 prion1 openvas5 fedora2 gentoo1 nessus1