CVE-2014-6590

2015-01-2115:28:26

oracle

web.nvd.nist.gov

cve-2014-6590

oracle vm virtualbox

oracle

virtualization

unspecified vulnerability

vmsvga

local users

integrity

availability

CVSS2

3.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:P/A:P

AI Score

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

oraclevm_virtualboxRange≤4.3.18

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
oraclevm_virtualbox*cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
oracle	vm_virtualbox	*	cpe:2.3:a:oracle:vm_virtualbox::::::::