Aggregates CVE and security vulnerability intelligence across all xscreensaver_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to buffer overflows; exposure may include application crashes and memory corruption in software deployment contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-34557 | XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. | [email protected] | 4.6 | 0.17% | 2021-06-10 | 2024-11-21 |
| CVE-2021-31523 | The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | [email protected] | 7.8 | 0.04% | 2021-04-21 | 2024-11-21 |
| CVE-2011-2187 | xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | [email protected] | 7.8 | 0.09% | 2019-11-27 | 2024-11-21 |
| CVE-2015-8025 | driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. | [email protected] | 2.1 | 0.07% | 2015-11-10 | 2026-05-06 |