MidnightBSD

Advisories for ibus_project

CVE-2013-4509 LOW

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
ibus_project ibus *
ibus_project ibus 1.5.4
CVE-2019-14822 LOW

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
ibus_project ibus *