Lucene search
Veracode Vulnerability DatabaseVERACODE:24263HistoryApr 10, 2020 - 12:50 a.m.
Arbitrary Files Overwrite
2020-04-1000:50:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Arbitrary Files Overwrite. It was found that the SPICE Firefox plug-in used a predictable name for its log file. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite arbitrary files accessible to the user running Firefox.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spice-xpi | eq | 2.2__1.el5_5 | |
| spice-xpi | eq | 2.2__1.el5_5 |
Related
prion
prion
Code injection
2010-08-30 20:00:00
cvelist
cvelist
CVE-2010-2794
2010-08-30 19:00:00
cve
cve
CVE-2010-2794
2010-08-30 20:00:02
nessus
nessus
RHEL 5 : qspice-client (RHSA-2010:0632)
2013-01-24 00:00:00
RHEL 5 : spice-xpi (RHSA-2010:0651)
2013-01-24 00:00:00
CentOS 5 : spice-xpi (CESA-2010:0651)
2010-08-26 00:00:00
centos
centos
spice security update
2010-08-25 18:05:31
redhat
redhat
(RHSA-2010:0651) Moderate: spice-xpi security and bug fix update
2010-08-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
Related for VERACODE:24263