Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25653

Опубликовано: 26 нояб. 2020
Источник: nvd
CVSS3: 6.3
CVSS2: 5.4
EPSS Низкий

Описание

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*
Версия до 0.20.0 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.00113
Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-362
CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2020-25653

CVSS3: 6.3
ubuntu
около 5 лет назад

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

redhat логотип

CVE-2020-25653

CVSS3: 6.4
redhat
больше 5 лет назад

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

msrc логотип

CVE-2020-25653

CVSS3: 6.3
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-25653

CVSS3: 6.3
debian
около 5 лет назад

A race condition vulnerability was found in the way the spice-vdagentd ...

github логотип

GHSA-5v7v-8wfp-pqqp

github
больше 3 лет назад

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

EPSS

Процентиль: 30%
0.00113
Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-362
CWE-362