3.6
CVE-2015-3164
- EPSS 0.39%
- Veröffentlicht 01.07.2015 14:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.Org ≫ Xorg-server Version1.16.4
X.Org ≫ Xorg-server Version1.16.99.901
X.Org ≫ Xorg-server Version1.16.99.902
X.Org ≫ Xorg-server Version1.17.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.309 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
https://security.gentoo.org/glsa/201701-64
http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html
http://www.securityfocus.com/bid/75535