Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.35 views

SUSE SLED15 / SLES15 Security Update : spice-gtk (SUSE-SU-2018:2709-1)

This update for spice-gtk fixes the following issues : Security issues fixed : CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed: Add setuid bit to spice-client-glib-usb-acl-helper...

8.8CVSS7.9AI score0.03934EPSS
Exploits0References8
OSV
OSV
added 2018/09/03 2:1 p.m.7 views

SUSE-SU-2018:2594-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295...

8.8CVSS9.2AI score0.03934EPSS
Exploits0References5
OSV
OSV
added 2018/04/05 3:22 p.m.3 views

SUSE-SU-2018:0877-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissio...

10CVSS9.6AI score0.05544EPSS
Exploits0References3
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.22 views

gtk+ protection bypass

Screen lock bypass...

1.9AI score
Exploits0References1
Cvelist
Cvelist
added 2013/10/03 9:0 p.m.25 views

CVE-2013-4324

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkitunixprocessnew API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process...

6.5AI score0.00384EPSS
Exploits0References5
OSV
OSV
added 2005/11/18 6:3 a.m.7 views

CVE-2005-2975

io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service infinite loop via a crafted XPM image with a large number of colors...

6AI score
Exploits0References29
securityvulns
securityvulns
added 2001/01/03 12:0 a.m.39 views

gtk+ security hole.

while going through a quick audit of gtk i found: gtk+ can be tricked into running arbitrary code via a bogus module. this means any program using gtk that is setid can be exploited via this method. here is an exploit i wrote for this security hole: original xgtk.cworking/un-wrapped:...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2001/01/02 12:0 a.m.44 views

GTK+ 1.2.8 - Arbitrary Loadable Module Execution

// source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the ability to load modules with the...

7AI score
Exploits0
Rows per page
Query Builder