CVE-2013-1940
xorg-server - information disclosure
EPSS 0.08%
Description
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
How to fix CVE-2013-1940
To remediate CVE-2013-1940, upgrade the affected package to a fixed version below.
- Debian/xorg-server—upgrade to 2:1.12.4-6 or later
- Debian/xorg-server—upgrade to 2:1.7.7-16 or later
Is CVE-2013-1940 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2:1.12.4-6
- from 0, < 2:1.7.7-16