CVSS: 2.1 | EPSS: 0% | CPEs: 19 | EXPL: 0

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle a NULL value returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

• http://openwall.com/lists/oss-security/2013/07/16/8
• http://openwall.com/lists/oss-security/2013/07/18/6
• http://www.tux.org/~bagleyd/xlock/xlockmore.README

CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 3

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

• https://www.exploit-db.com/exploits/20154
• https://www.exploit-db.com/exploits/20153
• http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
• http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
• http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
• http://www.debian.org/security/2000/20000816
• http://www.securityfocus.com/bid/1585
• http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694%40subterrain.net

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.

• ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
• http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
• http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
• http://www.securityfocus.com/bid/1267