4.6

CVE-2016-10894

EPSS 0.04%
Veröffentlicht 16.08.2019 03:15:11
Zuletzt bearbeitet 21.11.2024 02:45:00
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xtrlock Project ≫ Xtrlock Version <= 2.10

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

https://bugs.debian.org/830726

Patch

Third Party Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2016-10894

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10894

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10894

EUVD