CVE-2010-2794

CWE-595 documents5 sources
Severity
3.3LOW
EPSS
0.0%
top 91.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Spice-xpi
Timeline
PublishedAug 30
Latest updateMay 17

Description

The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qrqx-8qh8-q9cq: The SPICE (aka spice-xpi) plug-in 22022-05-17
CVEList
CVE-2010-2794: The SPICE (aka spice-xpi) plug-in 22010-08-30

📋Vendor Advisories

1
Red Hat
spice-xpi symlink attack2010-08-25

💬Community

1
Bugzilla
CVE-2010-2794 spice-xpi symlink attack2010-08-02
CVE-2010-2794 (LOW CVSS 3.3) | The SPICE (aka spice-xpi) plug-in 2 | cvebase.io