Lucene search
RedhatCVE-2010-2794HistoryAug 30, 2010 - 8:00 p.m.
CVE-2010-2794
2010-08-3020:00:02
CWE-59
redhat
web.nvd.nist.gov
31
cve-2010-2794
spice
firefox
symlink attack
nvd
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
Affected configurations
Node
redhatspice-xpiMatch2.2
mozillafirefox
Related
prion
prion
Code injection
2010-08-30 20:00:00
nvd
nvd
CVE-2010-2794
2010-08-30 20:00:02
veracode
veracode
Arbitrary Files Overwrite
2020-04-10 00:50:38
cvelist
cvelist
CVE-2010-2794
2010-08-30 19:00:00
centos
centos
spice security update
2010-08-25 18:05:31
nessus
nessus
Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : qspice-client (RHSA-2010:0632)
2013-01-24 00:00:00
CentOS 5 : spice-xpi (CESA-2010:0651)
2010-08-26 00:00:00
redhat
redhat
(RHSA-2010:0651) Moderate: spice-xpi security and bug fix update
2010-08-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2010-2794