5 matches found
EUVD-2017-3769
Malware in sbrugna...
NewStart CGSL MAIN 6.02 : spice-gtk Vulnerability (NS-SA-2021-0075)
The remote NewStart CGSL host, running version MAIN 6.02, has spice-gtk packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clien...
Authorization Bypass
spice-gtk is vulnerable to authorization bypass. The communication to polkit for authorization via an API call is vulnerable to a race condition in setuid or pkexec process, which allows a local user to bypass access restrictions...
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...
Design/Logic Flaw
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...