SUSE: Security Advisory (SUSE-SU-2021:2803-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : spice-vdagent (SUSE-SU-2021:2766-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2766-1 advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any...

Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2021-2283)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : spice-vdagent (openSUSE-SU-2021:2614-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2614-1 advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivilege...

SUSE: Security Advisory (SUSE-SU-2021:2614-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-25653

CVE-2021-25653 is an AVPU privilege escalation in Avaya Aura Appliance Virtualization Platform Utilities. Affected from 8.0.0.0 to 8.1.3.1. The vulnerability is described as local with low attack complexity and no authentication, leading to high impact on confidentiality, integrity, and availabil...

SUSE: Security Advisory (SUSE-SU-2020:3268-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

spice-vdagent security and bug fix update

0.20.0-3 - Fix mouse problems in multi-monitor environments under Wayland Resolves: rhbz1790904 rhbz1824610 0.20.0-2 - Resolves: CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653...

Moderate: Red Hat Security Advisory: spice-vdagent security and bug fix update

An update for spice-vdagent is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

spice-vdagent security and bug fix update

An update is available for spice-vdagent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The spice-vdagent packages provide a SPICE agent for Linux guests...

RLSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-510977db25)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : spice-vdagent (2021-510977db25)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-510977db25 advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local...

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-09ce0cdfac)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Debian: Security Advisory (DLA-2524-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2524-1] spice-vdagent security update

Debian LTS Advisory DLA-2524-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 13, 2021 https://wiki.debian.org/LTS Package : spice-vdagent Version : 0.17.0-1+deb9u1 CVE ID : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Debian Bug...

SUSE SLED15 / SLES15 Security Update : spice-vdagent (SUSE-SU-2020:3268-1)

This update for spice-vdagent fixes the following issues : Security issues fixed : CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781...

CVE-2020-25653

creationtimestamp| type| source ---|---|--- 2020-11-26 07:48:26+00:00| seen| https://t.me/cibsecurity/16860...

CVE-2020-25653

CVE-2020-25653 describes a race-condition in spice-vdagentd that can let an unprivileged local guest user hijack the active agent via new UNIX socket connections, risking DoS or host data leakage. Affected: spice-vdagentd/spice-vdagent (v0.20 and earlier). Connected advisories/vendor notes consis...