← Back

Spice Space

spice-space

7 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Spice Vdagent
spice-vdagent
5 CVEs
Usbredir
usbredir
1 CVE
Spice Server
spice-server
1 CVE

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-23793
1Spice Space
1Spice Server
Nov 21, 2024
Aug 22, 2023
N/A· v4
8.6 HIGH· v3
N/A· v2
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known...Show more
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.Show less
CVE-2021-3700
4Debian
FedoraprojectRedhat+1 more
4Debian Linux
Enterprise LinuxFedora+1 more
Nov 21, 2024
Feb 24, 2022
N/A· v4
6.4 MEDIUM· v3
4.4 MEDIUM· v2
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write da...Show more
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.Show less
CVE-2020-25653
3Debian
FedoraprojectSpice Space
3Debian Linux
FedoraSpice Vdagent
Nov 21, 2024
Nov 26, 2020
N/A· v4
6.3 MEDIUM· v3
5.4 MEDIUM· v2
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly r...Show more
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.Show less
CVE-2020-25652
3Debian
FedoraprojectSpice Space
3Debian Linux
FedoraSpice Vdagent
Nov 21, 2024
Nov 26, 2020
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local gu...Show more
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.Show less
CVE-2020-25651
3Debian
FedoraprojectSpice Space
3Debian Linux
FedoraSpice Vdagent
Nov 21, 2024
Nov 26, 2020
N/A· v4
6.4 MEDIUM· v3
3.3 LOW· v2
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from othe...Show more
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.Show less
CVE-2020-25650
3Debian
FedoraprojectSpice Space
3Debian Linux
FedoraSpice Vdagent
Nov 21, 2024
Nov 25, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/...Show more
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.Show less
CVE-2017-15108
2Debian
Spice Space
2Debian Linux
Spice Vdagent
Nov 21, 2024
Jan 20, 2018
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.