Vendor
Spice Gtk Project
Products
1
CVEs
2
Across products
38
Status
Private
Products
1- 38 CVEs
Recent CVEs
2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3066 | Med | 0.42 | 6.5 | 0.00 | Jun 6, 2017 | The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | |
| CVE-2013-4324 | 0.00 | — | 0.00 | Oct 3, 2013 | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |