CVE-2014-5195

EPSS 0.04%
Veröffentlicht 07.08.2014 11:13:37
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ayatana Project ≫ Unity Version <= 7.2.2

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Ayatana Project ≫ Unity Version7.2.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Ayatana Project ≫ Unity Version7.2.1

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Ayatana Project ≫ Unity Version7.3.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.osvdb.org/109788

http://www.securityfocus.com/bid/68987

http://www.ubuntu.com/usn/USN-2303-1

https://bugs.launchpad.net/unity/7.2/+bug/1349128

https://exchange.xforce.ibmcloud.com/vulnerabilities/95199

https://nvd.nist.gov/vuln/detail/CVE-2014-5195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5195

EUVD