4.6

CVE-2016-10894

EPSS 0.04%
Published 16.08.2019 03:15:11
Last modified 21.11.2024 02:45:00
Source cve@mitre.org
Teams watchlist Login
Open Login

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Xtrlock Project ≫ Xtrlock Version <= 2.10

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

https://bugs.debian.org/830726

Patch

Third Party Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2016-10894

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10894

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10894

EUVD