2.1

CVE-2013-1940

EPSS 0.11%
Published 13.05.2013 23:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

X ≫ X.Org-xserver Version <= 1.13.3

X ≫ X.Org-xserver Version1.4.0

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.264

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html

http://www.debian.org/security/2013/dsa-2661

http://www.openwall.com/lists/oss-security/2013/04/18/3

http://www.ubuntu.com/usn/USN-1803-1

https://bugs.freedesktop.org/show_bug.cgi?id=63353

https://nvd.nist.gov/vuln/detail/CVE-2013-1940

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1940

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1940

EUVD