Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spice vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
Qemu Qemu 3.0.0
9.8
CVSSv3
CVE-2018-20815
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
Qemu Qemu 3.1.0
7.5
CVSSv3
CVE-2019-12155
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x up to and including 4.0.0 has a NULL pointer dereference.
Qemu Qemu 4.0.0
7.5
CVSSv3
CVE-2019-5008
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the malicious user to cause a denial of service via a device driver.
Qemu Qemu 3.1.50
7.5
CVSSv3
CVE-2019-3813
Spice, versions 0.5.2 up to and including 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
8.8
CVSSv3
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Spice Project Spice -
9.8
CVSSv3
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions u...
Spice-gtk Project Spice-gtk
7.8
CVSSv3
CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Spice-space Spice-vdagent
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2016-3066
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
Spice-gtk Project Spice-gtk 0.4
Spice-gtk Project Spice-gtk 0.3
Spice-gtk Project Spice-gtk 0.10
Spice-gtk Project Spice-gtk 0.9
Spice-gtk Project Spice-gtk 0.20
Spice-gtk Project Spice-gtk 0.19
Spice-gtk Project Spice-gtk 0.18
Spice-gtk Project Spice-gtk 0.17
Spice-gtk Project Spice-gtk 0.32
Spice-gtk Project Spice-gtk 0.33
Spice-gtk Project Spice-gtk 0.12
Spice-gtk Project Spice-gtk 0.11
Spice-gtk Project Spice-gtk 0.13.17
Spice-gtk Project Spice-gtk 0.14
Spice-gtk Project Spice-gtk 0.13.29
Spice-gtk Project Spice-gtk 0.25
Spice-gtk Project Spice-gtk 0.24
Spice-gtk Project Spice-gtk 0.29
Spice-gtk Project Spice-gtk 0.28
Spice-gtk Project Spice-gtk 0.1.0
Spice-gtk Project Spice-gtk 0.5
Spice-gtk Project Spice-gtk 0.8
7.8
CVSSv3
CVE-2015-5260
Heap-based buffer overflow in SPICE prior to 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Redhat Enterprise Linux Server Eus 6.7.z
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Spice Project Spice
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »