1.9

CVE-2015-2152

EPSS 0.08%
Veröffentlicht 18.03.2015 16:59:02
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version <= 4.5.0

Fedoraproject ≫ Fedora Version20

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.235

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:P/A:N

https://security.gentoo.org/glsa/201504-04

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

Third Party Advisory

http://www.securitytracker.com/id/1031806

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/73068

http://www.securitytracker.com/id/1031919

Third Party Advisory

VDB Entry

http://xenbits.xen.org/xsa/advisory-119.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-2152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2152

EUVD