CVE-2015-0427

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.

CVSS v2.0 3.2 LOW

3.2^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 3.1 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
http://www.securityfocus.com/bid/72216
https://security.gentoo.org/glsa/201612-27
https://exchange.xforce.ibmcloud.com/vulnerabilities/100181

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Information

Published : 2015-01-21 11:59

Updated : 2018-10-30 09:27

NVD link : CVE-2015-0427

Mitre link : CVE-2015-0427

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

opensuse

opensuse

oracle

vm_virtualbox

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html", "name": "openSUSE-SU-2015:0229", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/72216", "name": "72216", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201612-27", "name": "GLSA-201612-27", "tags": [], "refsource": "GENTOO"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100181", "name": "oracle-cpujan2015-cve20150427(100181)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0427", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-01-21T19:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.3.18"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}