Lucene search
RedhatCVELIST:CVE-2017-15108HistoryJan 20, 2018 - 12:00 a.m.
CVE-2017-15108
2018-01-2000:00:00
CWE-78
redhat
www.cve.org
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
CNA Affected
[
{
"product": "spice-vdagent",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 0.17.0"
}
]
}
]Related
openvas
openvas
Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1052)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2019-0032)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1051)
2020-01-23 00:00:00
mageia
mageia
Updated spice-vdagent package fixes security vulnerability
2019-01-12 00:07:56
gentoo
gentoo
SPICE VDAgent: Arbitrary command injection
2018-04-08 00:00:00
nessus
nessus
openSUSE Security Update : spice-vdagent (openSUSE-2018-144)
2018-02-08 00:00:00
EulerOS 2.0 SP2 : spice-vdagent (EulerOS-SA-2018-1052)
2018-03-20 00:00:00
RHEL 7 : spice-vdagent (Unpatched Vulnerability)
2024-06-03 00:00:00
debiancve
debiancve
CVE-2017-15108
2018-01-20 00:29:00
osv
osv
CVE-2017-15108
2018-01-20 00:29:00
spice-vdagent - security update
2021-01-13 00:00:00
nvd
nvd
CVE-2017-15108
2018-01-20 00:29:00
cve
cve
CVE-2017-15108
2018-01-20 00:29:00
ubuntucve
ubuntucve
CVE-2017-15108
2018-01-20 00:00:00
prion
prion
Code injection
2018-01-20 00:29:00
redhatcve
redhatcve
CVE-2017-15108
2019-10-12 03:49:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1974
2021-07-02 18:08:32
debian
debian
[SECURITY] [DLA 2524-1] spice-vdagent security update
2021-01-13 08:12:57