21 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-15108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the...
RHEL 6 : spice-vdagent (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 Note that Nessus has not...
RHEL 6 : spice-vdagent (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...
RHEL 7 : spice-vdagent (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...
SUSE CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...
Mageia: Security Advisory (MGASA-2019-0032)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0372-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2524-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2524-1] spice-vdagent security update
Debian LTS Advisory DLA-2524-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 13, 2021 https://wiki.debian.org/LTS Package : spice-vdagent Version : 0.17.0-1+deb9u1 CVE ID : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Debian Bug...
Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1052)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1051)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated spice-vdagent package fixes security vulnerability
Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed CVE-2017-15108...
GLSA-201804-09 : SPICE VDAgent: Arbitrary command injection
The remote host is affected by the vulnerability described in GLSA-201804-09 SPICE VDAgent: Arbitrary command injection SPICE VDAgent does not properly escape save directory before passing to shell. Impact : A local attacker could execute arbitrary commands. Workaround : There is no known...
EulerOS 2.0 SP1 : spice-vdagent (EulerOS-SA-2018-1051)
According to the version of the spice-vdagent package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access...
EulerOS 2.0 SP2 : spice-vdagent (EulerOS-SA-2018-1052)
According to the version of the spice-vdagent package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access...
openSUSE Security Update : spice-vdagent (openSUSE-2018-144)
This update for spice-vdagent provides the following fixes : This security issue was fixed : - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed bsc1070724...
SUSE SLED12 / SLES12 Security Update : spice-vdagent (SUSE-SU-2018:0372-1)
This update for spice-vdagent provides the following fixes: This security issue was fixed : - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed bsc1070724...
UBUNTU-CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...
CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...
CVE-2017-15108
CVE-2017-15108 affects spice-vdagent (versions up to 0.17.0). Root cause: improper escaping of the save directory before passing to a shell, enabling a local attacker with access to the agent’s session to inject arbitrary commands. The Debian advisory notes a fix in 0.17.0-1+deb9u1; other open-so...