MiracleLinux 4 : spice-xpi-2.4-1.AXS4.2 (AXSA:2011-154:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-154:01 advisory. SPICE extension for mozilla allows the client to be used from a web browser. Security issues fixed with this release: CVE-2011-0012 CVE-2011-1179 No...

RHSA-2011:0426 Red Hat Security Advisory: spice-xpi security update

Bulletin has no description...

RHSA-2010:0651 Red Hat Security Advisory: spice-xpi security and bug fix update

Bulletin has no description...

RHSA-2011:0427 Red Hat Security Advisory: spice-xpi security update

Bulletin has no description...

Arbitrary Code Execution

spice-xpi is vulnerable to arbitrary code execution. The vulnerability exists as an uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or...

spice-gtk security and bug fix update

libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...

Oracle: Security Advisory (ELSA-2011-0426)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the spice-xpi-2.4 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the spice-xpi-debuginfo-2.4 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Oracle Linux 6 : spice-xpi (ELSA-2011-0426)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2011-0426 advisory. - Fix security vulnerability CVE-2011-0012 rhbz639869 Resolves: rhbz639870 Tenable has extracted the preceding description block directly from the Orac...

RHEL 5 : spice-xpi (RHSA-2010:0651)

An updated spice-xpi package that fixes two security issues and three bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64

The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox. A race condition was found in the way the SPICE Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...

Scientific Linux Security Update : spice-xpi on SL5.x,SL6.x i386/x86_64

An uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefo...

CentOS Update for spice-xpi CESA-2011:0427 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for spice-xpi CESA-2011:0427 centos5 x86_64

Check for the Version of spice-xpi OpenVAS Vulnerability Test CentOS Update for spice-xpi CESA-2011:0427 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

RedHat Update for spice-xpi RHSA-2011:0426-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RedHat Update for spice-xpi RHSA-2011:0426-01

Check for the Version of spice-xpi OpenVAS Vulnerability Test RedHat Update for spice-xpi RHSA-2011:0426-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CentOS Update for spice-xpi CESA-2011:0427 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RHEL 6 : spice-xpi (RHSA-2011:0426)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2011:0426 advisory. The Simple Protocol for Independent Computing Environments SPICE is a remote display protocol used in Red Hat Enterprise Linux for viewing...

spice-xpi: unitialized pointer writes possible when getting plugin properties

The SPICE Firefox plug-in spice-xpi 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 1 plugin/nsScriptablePeer.cpp and 2 plugin/plugin.cpp, which trigger multiple uses of an uninitializ...