Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spice vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2016-4419
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x prior to 2.0.2 mishandles capability data, which allows remote malicious users to cause a denial of service (large loop) via a crafted packet.
Wireshark Wireshark 2.0.1
Wireshark Wireshark 2.0.0
NA
CVE-2015-3247
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Spice Project Spice 0.12.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
NA
CVE-2015-6261
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531...
Cisco Telepresence Video Communication Server Software X8.5.2
NA
CVE-2013-2152
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
Redhat Enterprise Virtualization 3.2
NA
CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote malicious users to cause a denial of service (crash) via a long password in a SPICE ticket.
Spice Project Spice 0.12.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
NA
CVE-2013-0241
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Qxl Graphics Driver Project Xf86-video-qxl 0.1.0
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
NA
CVE-2011-4316
Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecif...
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.1
NA
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the a...
Freedesktop Spice-gtk -
Gtk Libgio -
1 EDB exploit
NA
CVE-2011-0012
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
Redhat Spice-xpi 2.4
Redhat Spice-xpi 2.2
Redhat Spice-xpi 2.3
NA
CVE-2011-1179
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger ...
Redhat Spice-xpi 2.2
Redhat Spice-xpi 2.3
Redhat Spice-xpi 2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »