Spice Gtk
Monthly
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS. Rated medium severity (CVSS 6.9). Public exploit code available.
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS. Rated medium severity (CVSS 6.9). Public exploit code available.