Lucene search
RedhatCVE-2010-2792HistoryAug 30, 2010 - 8:00 p.m.
CVE-2010-2792
2010-08-3020:00:02
CWE-362
redhat
web.nvd.nist.gov
32
cve-2010-2792
race condition
spice plug-in
firefox
local users
sensitive information
man-in-the-middle
unix socket
qspice-client
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.7
Confidence
Low
EPSS
0
Percentile
5.1%
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
Affected configurations
Node
redhatspice-xpiMatch2.2
mozillafirefox
Related
nessus
nessus
Scientific Linux Security Update : qspice-client on SL5.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : qspice-client (RHSA-2010:0632)
2013-01-24 00:00:00
nvd
nvd
CVE-2010-2792
2010-08-30 20:00:02
prion
prion
Race condition
2010-08-30 20:00:00
redhat
redhat
(RHSA-2010:0632) Moderate: qspice-client security update
2010-08-25 00:00:00
(RHSA-2010:0651) Moderate: spice-xpi security and bug fix update
2010-08-25 00:00:00
cvelist
cvelist
CVE-2010-2792
2010-08-30 19:00:00
veracode
veracode
Man-in-the-middle
2020-04-10 00:47:07
centos
centos
qspice security update
2010-08-25 18:03:47
spice security update
2010-08-25 18:05:31
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.7
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2010-2792