VDB
CVE-2016-10894
CVE-2016-10894
PUBLISHED
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
EPSS 0.04% · 14.1th percentile
Risk Scores
EPSS Score
0.04%
14.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | xtrlock | 0, 2.8 |
| Ubuntu:16.04:LTS | xtrlock | 0, 2.7 |
Exploit Intelligence
Timeline
- Aug 16, 2019 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-10894 third-party-advisory
- https://bugs.debian.org/830726 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-10894 third-party-advisory