← Back

CVE-2011-2187

nvd nist
Published: Nov 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

Affected (4)

Xscreensaver Project
1 product
Xscreensaver
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Xscreensaver
Before 5.14
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (12)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
ExploitThird Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.