Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spice project spice vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions u...
Spice-gtk Project Spice-gtk
641
VMScore
CVE-2015-5260
Heap-based buffer overflow in SPICE prior to 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Redhat Enterprise Linux Server Eus 6.7.z
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
614
VMScore
CVE-2015-3247
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Spice Project Spice 0.12.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
578
VMScore
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send speci...
Spice Project Spice
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
Redhat Enterprise Linux Aus 8.2
Redhat Openstack 16.1
Redhat Enterprise Linux Tus 8.2
Redhat Enterprise Linux Update Services For Sap Solutions 8.0
578
VMScore
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Spice Project Spice -
481
VMScore
CVE-2019-3813
Spice, versions 0.5.2 up to and including 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
445
VMScore
CVE-2021-20201
A flaw was found in spice in versions prior to 0.14.92. A DoS tool might make it easier for remote malicious users to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Spice Project Spice
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
445
VMScore
CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote malicious users to cause a denial of service (crash) via a long password in a SPICE ticket.
Spice Project Spice 0.12.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
356
VMScore
CVE-2016-3066
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
Spice-gtk Project Spice-gtk 0.4
Spice-gtk Project Spice-gtk 0.3
Spice-gtk Project Spice-gtk 0.10
Spice-gtk Project Spice-gtk 0.9
Spice-gtk Project Spice-gtk 0.20
Spice-gtk Project Spice-gtk 0.19
Spice-gtk Project Spice-gtk 0.18
Spice-gtk Project Spice-gtk 0.17
Spice-gtk Project Spice-gtk 0.32
Spice-gtk Project Spice-gtk 0.33
Spice-gtk Project Spice-gtk 0.12
Spice-gtk Project Spice-gtk 0.11
Spice-gtk Project Spice-gtk 0.13.17
Spice-gtk Project Spice-gtk 0.14
Spice-gtk Project Spice-gtk 0.13.29
Spice-gtk Project Spice-gtk 0.25
Spice-gtk Project Spice-gtk 0.24
Spice-gtk Project Spice-gtk 0.29
Spice-gtk Project Spice-gtk 0.28
Spice-gtk Project Spice-gtk 0.1.0
Spice-gtk Project Spice-gtk 0.5
Spice-gtk Project Spice-gtk 0.8
187
VMScore
CVE-2013-0241
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Qxl Graphics Driver Project Xf86-video-qxl 0.1.0
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started