CVE-2016-10894

MEDIUM Year: 2016
CVSS v3 Score
4.6
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-254
View all →

Vulnerability Description

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).

Related Vulnerabilities

CVE-2016-5933

MEDIUM
CVSS:4.6(Medium)

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

CWE-2542016

CVE-2016-7597

MEDIUM
CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked sta...

CWE-2542016

CVE-2016-7638

MEDIUM
CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component...

CWE-2542016

CVE-2021-40006

MEDIUM
CVSS:4.6(Medium)

Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

CWE-2542021

CVE-2017-11818

MEDIUM
CVSS:4.5(Medium)

The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypas...

CWE-2542017

CVE-2016-7959

MEDIUM
CVSS:4.7(Medium)

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to ...

CWE-2542016