Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spice project spice vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-20201
A flaw was found in spice in versions prior to 0.14.92. A DoS tool might make it easier for remote malicious users to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Spice Project Spice
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
6.6
CVSSv3
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send speci...
Spice Project Spice
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
Redhat Enterprise Linux Aus 8.2
Redhat Openstack 16.1
Redhat Enterprise Linux Tus 8.2
Redhat Enterprise Linux Update Services For Sap Solutions 8.0
7.5
CVSSv3
CVE-2019-3813
Spice, versions 0.5.2 up to and including 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
8.8
CVSSv3
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Spice Project Spice -
9.8
CVSSv3
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions u...
Spice-gtk Project Spice-gtk
6.5
CVSSv3
CVE-2016-3066
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
Spice-gtk Project Spice-gtk 0.1.0
Spice-gtk Project Spice-gtk 0.2
Spice-gtk Project Spice-gtk 0.3
Spice-gtk Project Spice-gtk 0.4
Spice-gtk Project Spice-gtk 0.5
Spice-gtk Project Spice-gtk 0.6
Spice-gtk Project Spice-gtk 0.7
Spice-gtk Project Spice-gtk 0.8
Spice-gtk Project Spice-gtk 0.9
Spice-gtk Project Spice-gtk 0.10
Spice-gtk Project Spice-gtk 0.11
Spice-gtk Project Spice-gtk 0.12
Spice-gtk Project Spice-gtk 0.12.101
Spice-gtk Project Spice-gtk 0.13
Spice-gtk Project Spice-gtk 0.13.17
Spice-gtk Project Spice-gtk 0.13.29
Spice-gtk Project Spice-gtk 0.14
Spice-gtk Project Spice-gtk 0.15
Spice-gtk Project Spice-gtk 0.15.3
Spice-gtk Project Spice-gtk 0.16
Spice-gtk Project Spice-gtk 0.17
Spice-gtk Project Spice-gtk 0.18
7.8
CVSSv3
CVE-2015-5260
Heap-based buffer overflow in SPICE prior to 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Redhat Enterprise Linux Server Eus 6.7.z
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
NA
CVE-2015-3247
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Spice Project Spice 0.12.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
NA
CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote malicious users to cause a denial of service (crash) via a long password in a SPICE ticket.
Spice Project Spice 0.12.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
NA
CVE-2013-0241
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Qxl Graphics Driver Project Xf86-video-qxl 0.1.0
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started