CVE-2014-5195

{"id": "CVE-2014-5195", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-07T11:13:37.360", "references": [{"url": "http://www.osvdb.org/109788", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/68987", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-2303-1", "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/unity/7.2/+bug/1349128", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95199", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/109788", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68987", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2303-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.launchpad.net/unity/7.2/+bug/1349128", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95199", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension."}, {"lang": "es", "value": "Unity anterior a 7.2.3 y 7.3.x anterior a 7.3.1, utilizado en Ubuntu, no toma enfoque debidamente del teclado cuando cambia al bloqueo de pantalla, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos evadir el bloqueo de pantalla mediante (1) el aprovechamiento de una maquina que ten\u00eda texto seleccionado cuando bloque\u00f3 o (2) el volver desde una suspensi\u00f3n."}], "lastModified": "2024-11-21T02:11:35.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06405E5B-496D-48F7-9B01-61E4B38857DC", "versionEndIncluding": "7.2.2"}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "993D6701-1899-4758-A3DB-50AA9AD9EC73"}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4700B93F-776C-4040-B61B-374B16FCBA96"}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC6342E-B85C-4870-ADAE-5FD53A973C3D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": false, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}