How severe is CVE-2020-25651?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-25651?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2020-25651

MEDIUM Year: 2020

CVSS v3 Score

6.4

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-362

View all →

Vulnerability Description

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

CVE-2015-8511

MEDIUM

CVSS:6.4(Medium)

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

CWE-3622015

CVE-2016-9962

MEDIUM

CVSS:6.4(Medium)

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-des...

CWE-3622016

CVE-2017-1000367

MEDIUM

CVSS:6.4(Medium)

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CWE-3622017

CVE-2018-9519

MEDIUM

CVSS:6.4(Medium)

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction i...

CWE-3622018

CVE-2019-2188

MEDIUM

CVSS:6.4(Medium)

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

CWE-3622019