VYPR

Spice Xpi

by Red Hat

Source repositories

CVEs (6)

  • CVE-2016-9578HigJul 27, 2018
    risk 0.42cvss 7.5epss 0.02

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

  • CVE-2016-9577HigJul 27, 2018
    risk 0.42cvss 7.5epss 0.04

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

  • CVE-2011-1179Apr 18, 2011
    risk 0.00cvss epss 0.04

    The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger…

  • CVE-2011-0012Apr 18, 2011
    risk 0.00cvss epss 0.00

    The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

  • CVE-2010-2794Aug 30, 2010
    risk 0.00cvss epss 0.00

    The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

  • CVE-2010-2792Aug 30, 2010
    risk 0.00cvss epss 0.00

    Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0,…