CVE-2015-3164
published 2015-07-01CVE-2015-3164: The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or…
low3.6CVSS 3.1
AVLACLAuNCPIPAN
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:1.17.2-1 (bookworm) | xorg-server 2:1.17.2-1 (bookworm) |
| opensuse | opensuse | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | x_server | — | — |
| x.org | xorg-server | — | — |
| x.org | xorg-server | — | — |
| x.org | xorg-server | — | — |
| x.org | xorg-server | — | — |
| x.org | xorg-server | >= 0 < 2:1.17.2-1 | 2:1.17.2-1 |
| x.org | xorg-server | >= 0 < 2:1.17.2-1 | 2:1.17.2-1 |
| x.org | xorg-server | >= 0 < 2:1.17.2-1 | 2:1.17.2-1 |
| x.org | xorg-server | >= 0 < 2:1.17.2-1 | 2:1.17.2-1 |
CVSS provenance
nvd3.6LOWAV:L/AC:L/Au:N/C:P/I:P/A:N
osv3.6LOW