1.9

CVE-2015-2152

EPSS 0.08%
Published 18.03.2015 16:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen Version <= 4.5.0

Fedoraproject ≫ Fedora Version20

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.235

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:P/A:N

https://security.gentoo.org/glsa/201504-04

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

Third Party Advisory

http://www.securitytracker.com/id/1031806

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/73068

http://www.securitytracker.com/id/1031919

Third Party Advisory

VDB Entry

http://xenbits.xen.org/xsa/advisory-119.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-2152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2152

EUVD