2 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. slock permite a atacantes eludir el bloqueo de pantalla a través de vectores que involucran un hash de contraseña inválido, lo que desencadena una referencia a puntero NULL y caída. • http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 http://s1m0n.dft-labs.eu/files/slock/slock.txt http://www.openwall.com/lists/oss-security/2016/08/18/22 http://www.openwall.com/lists/oss-security/2016/08/18/24 http://www.securityfocus.com/bid/92546 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQN • CWE-476: NULL Pointer Dereference •

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 3

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows. Slock v0.9 no maneja adecuadamente el evento XRaiseWindow cuando la pantalla está bloqueada, lo que podría permitir a atacantes próximos obtener información sensible al presionar un botón, revelando así el escritorio activo de Windows • http://hg.suckless.org/slock/rev/891a4984aba6 http://secunia.com/advisories/48700 http://www.openwall.com/lists/oss-security/2012/04/06/1 http://www.openwall.com/lists/oss-security/2012/04/06/2 http://www.osvdb.org/81035 http://www.securityfocus.com/bid/52922 https://bugs.gentoo.org/show_bug.cgi?id=401645 https://bugzilla.redhat.com/show_bug.cgi?id=786310 https://exchange.xforce.ibmcloud.com/vulnerabilities/74666 • CWE-264: Permissions, Privileges, and Access Controls •