Vulnerabilities > Spice GTK Project > Spice GTK > 0.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-14 | CVE-2017-12194 | Improper Input Validation vulnerability in Spice-Gtk Project Spice-Gtk A flaw was found in the way spice-client processed certain messages sent from the server. | 10.0 |
| 2017-06-06 | CVE-2016-3066 | Information Exposure vulnerability in Spice-Gtk Project Spice-Gtk The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | 4.0 |
| 2013-10-03 | CVE-2013-4324 | Permissions, Privileges, and Access Controls vulnerability in multiple products spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |