VYPR

Xscreensaver

by Xscreensaver

CVEs (10)

  • CVE-2021-34557Jun 10, 2021
    risk 0.00cvss epss 0.00

    XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically…

  • CVE-2021-31523Apr 21, 2021
    risk 0.00cvss epss 0.00

    The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.

  • CVE-2011-2187Nov 27, 2019
    risk 0.00cvss epss 0.00

    xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

  • CVE-2015-8025Nov 10, 2015
    risk 0.00cvss epss 0.01

    driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

  • CVE-2007-5585Oct 19, 2007
    risk 0.00cvss epss 0.02

    xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked…

  • CVE-2007-1859May 2, 2007
    risk 0.00cvss epss 0.00

    XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to…

  • CVE-2004-2655Dec 31, 2004
    risk 0.00cvss epss 0.02

    rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

  • CVE-2003-1294Dec 31, 2003
    risk 0.00cvss epss 0.00

    Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via…

  • CVE-2003-1295Dec 31, 2003
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

  • CVE-2003-0885Dec 31, 2003
    risk 0.00cvss epss 0.01

    Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.