Lucene search

[email protected]NVD:CVE-2015-3164

HistoryJul 01, 2015 - 2:59 p.m.

CVE-2015-3164

2015-07-0114:59:07

CWE-264

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Affected configurations

NVD

Node

opensuseopensuseMatch13.2

Node

x.orgxorg-serverMatch1.16.0

x.orgxorg-serverMatch1.16.1

x.orgxorg-serverMatch1.16.1.901

x.orgxorg-serverMatch1.16.2

x.orgxorg-serverMatch1.16.2.901

x.orgxorg-serverMatch1.16.3

x.orgxorg-serverMatch1.16.4

x.orgxorg-serverMatch1.16.99.901

x.orgxorg-serverMatch1.16.99.902

x.orgxorg-serverMatch1.17.0

x.orgxorg-serverMatch1.17.1

References

lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html

lists.opensuse.org/opensuse-updates/2015-06/msg00044.html

www.securityfocus.com/bid/75535

security.gentoo.org/glsa/201701-64

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2015-3164

mageia1 cve2 nessus3 openvas1 cvelist1 prion1 ubuntucve1 debiancve1 fedora1 nvd1 gentoo1