CVE-2013-1940
published 2013-05-13CVE-2013-1940: X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow…
low2.1CVSS 3.1
AVLACLAuNCPINAN
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | xorg-server | < xorg-server 2:1.12.4-6 (bookworm) | xorg-server 2:1.12.4-6 (bookworm) |
| x.org | xorg-server | >= 0 < 2:1.12.4-6 | 2:1.12.4-6 |
| x.org | xorg-server | >= 0 < 2:1.12.4-6 | 2:1.12.4-6 |
| x.org | xorg-server | >= 0 < 2:1.12.4-6 | 2:1.12.4-6 |
| x.org | xorg-server | >= 0 < 2:1.12.4-6 | 2:1.12.4-6 |
| x | x.org-xserver | <= 1.13.3 | — |
| x | x.org-xserver | — | — |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv2.1LOW