Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xscreensaver
(Xscreensaver_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-10 | CVE-2021-34557 | XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. | Fedora, Xscreensaver | 4.6 | ||
| 2021-04-21 | CVE-2021-31523 | The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | Xscreensaver | 7.8 | ||
| 2019-11-27 | CVE-2011-2187 | xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | Debian_linux, Xscreensaver | N/A | ||
| 2015-11-10 | CVE-2015-8025 | driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. | Ubuntu_linux, Xscreensaver | N/A |