Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5268E88E83CC1A48C879C5B84E7F6732B90B85F8DB85925B6649F79F64BD7471
HistoryDec 17, 2018 - 2:25 p.m.

Security Bulletin: A vulnerability in SPICE affects PowerKVM

2018-12-1714:25:02
www.ibm.com
8

0.002 Low

EPSS

Percentile

54.9%

JSON

Summary

PowerKVM is affected by a vulnerability in SPICE. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-10873 DESCRIPTION: SPICE is vulnerable to a denial of service, caused by a missing check in python_modules/demarshal.py:write_validate_array_item(). By sending a specially-crafted message, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148522&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

openvas 31
nessus 37
centos 2
osv 4
ubuntu 1
veracode 2
debian 5
cve 1
prion 1
redhat 3
cvelist 1
oraclelinux 2
redhatcve 1
debiancve 1
nvd 1
ubuntucve 1
altlinux 1
alpinelinux 1
suse 4
mageia 2
ibm 1
openvas
openvas
Debian: Security Advisory (DLA-1489-1)
2018-09-02 00:00:00
Huawei EulerOS: Security Advisory for spice-gtk (EulerOS-SA-2019-1200)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for spice (EulerOS-SA-2018-1364)
2020-01-23 00:00:00
nessus
nessus
RHEL 7 : spice and spice-gtk (RHSA-2018:2731)
2018-09-21 00:00:00
EulerOS 2.0 SP2 : spice (EulerOS-SA-2018-1356)
2018-11-06 00:00:00
EulerOS 2.0 SP3 : spice (EulerOS-SA-2018-1364)
2018-11-07 00:00:00
centos
centos
spice security update
2018-09-28 16:23:23
spice security update
2018-09-28 16:45:15
osv
osv
spice - security update
2018-10-15 00:00:00
spice-gtk - security update
2018-09-01 00:00:00
CVE-2018-10873
2018-08-17 12:29:00
ubuntu
ubuntu
Spice vulnerability
2018-08-22 00:00:00
veracode
veracode
Demarshalling With Improper Bounds Check
2019-01-15 09:24:50
Demarshalling With Improper Bounds Check
2018-09-03 05:28:58
debian
debian
[SECURITY] [DSA 4319-1] spice security update
2018-10-15 19:01:04
[SECURITY] [DSA 4319-1] spice security update
2018-10-15 19:01:04
[SECURITY] [DLA 1489-1] spice-gtk security update
2018-08-31 22:35:58
cve
cve
CVE-2018-10873
2018-08-17 12:29:00
prion
prion
Out-of-bounds
2018-08-17 12:29:00
redhat
redhat
(RHSA-2018:2732) Important: spice-gtk and spice-server security update
2018-09-20 14:22:20
(RHSA-2018:2731) Important: spice and spice-gtk security update
2018-09-20 14:20:53
(RHSA-2018:3470) Moderate: Red Hat Virtualization security and bug fix update
2018-11-05 13:52:45
cvelist
cvelist
CVE-2018-10873
2018-08-17 12:00:00
oraclelinux
oraclelinux
spice and spice-gtk security update
2018-09-20 00:00:00
spice-gtk and spice-server security update
2018-09-20 00:00:00
redhatcve
redhatcve
CVE-2018-10873
2019-10-05 21:46:42
debiancve
debiancve
CVE-2018-10873
2018-08-17 12:29:00
nvd
nvd
CVE-2018-10873
2018-08-17 12:29:00
ubuntucve
ubuntucve
CVE-2018-10873
2018-08-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package SPICE version 0.14.1-alt1
2019-03-11 00:00:00
alpinelinux
alpinelinux
CVE-2018-10873
2018-08-17 12:29:00
suse
suse
Security update for spice-gtk (important)
2018-09-04 15:07:46
Security update for spice-gtk (important)
2018-09-15 15:11:34
Security update for spice (important)
2018-09-04 15:08:15
mageia
mageia
Updated spice packages fix security vulnerability
2019-02-22 03:35:50
Updated spice-gtk packages fix security vulnerability
2019-02-22 04:08:50
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
2018-12-05 22:20:01

0.002 Low

EPSS

Percentile

54.9%

JSON
Related for 5268E88E83CC1A48C879C5B84E7F6732B90B85F8DB85925B6649F79F64BD7471
openvas31nessus37centos2osv4ubuntu1veracode2debian5cve1prion1redhat3cvelist1oraclelinux2redhatcve1debiancve1nvd1ubuntucve1altlinux1alpinelinux1suse4mageia2ibm1