MiracleLinux 7 : libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7 (AXSA:2019-4267:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4267:01 advisory. spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows CVE-2018-10893 Tenable has extracted the preceding description...

Linux Distros Unpatched Vulnerability : CVE-2018-10893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the clie...

Oracle Linux 7 : spice-gtk (ELSA-2019-2229)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2229 advisory. libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix b...

Amazon Linux 2 : spice-protocol (ALAS-2023-2219)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2219 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

Amazon Linux 2 : libgovirt (ALAS-2023-2220)

The version of libgovirt installed on the remote host is prior to 0.3.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2220 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

NewStart CGSL CORE 5.05 / MAIN 5.05 : virt-viewer Vulnerability (NS-SA-2023-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has virt-viewer packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause...

NewStart CGSL CORE 5.05 / MAIN 5.05 : libgovirt Vulnerability (NS-SA-2023-0019)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libgovirt packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause th...

Amazon Linux 2 : spice-protocol (ALAS-2023-1940)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1940 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

Amazon Linux 2 : libgovirt (ALAS-2023-1939)

The version of libgovirt installed on the remote host is prior to 0.3.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1939 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

Medium: libgovirt

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: libgovirt Issue Correction: Run yu...

Medium: spice-protocol

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: spice-protocol Issue Correction: R...

Mageia: Security Advisory (MGASA-2019-0100)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2566-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2563-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2593-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3841-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2595-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2584-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : spice-gtk (SUSE-SU-2020:3841-1)

This update for spice-gtk fixes the following issues : CVE-2018-10873: Fixed a potential heap corruption when demarshalling bsc1104448 CVE-2018-10893: Fixed a buffer overflow on image lz checks bsc1101295 Note that Tenable Network Security has extracted the preceding description block directly fr...

SUSE SLES12 Security Update : spice (SUSE-SU-2020:3842-1)

This update for spice fixes the following issues : CVE-2018-10873: Fixed a potential heap corruption when demarshalling bsc1104448 CVE-2018-10893: Fixed a buffer overflow on image lz checks bsc1101295 Note that Tenable Network Security has extracted the preceding description block directly from t...