Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2017-15108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the...

7.8CVSS7AI score0.00419EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 6 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 Note that Nessus has not...

7.8CVSS7.7AI score0.00419EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.19 views

RHEL 6 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

6.7AI score0.0049EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.26 views

RHEL 7 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

6.7AI score0.0049EPSS
Exploits4References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...

7.3CVSS7AI score0.00419EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2019-0032)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.00419EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2018:0372-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.00419EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/01/14 12:0 a.m.20 views

Debian: Security Advisory (DLA-2524-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.7AI score0.0049EPSS
Exploits4References4
Debian
Debian
added 2021/01/13 8:12 a.m.66 views

[SECURITY] [DLA 2524-1] spice-vdagent security update

Debian LTS Advisory DLA-2524-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 13, 2021 https://wiki.debian.org/LTS Package : spice-vdagent Version : 0.17.0-1+deb9u1 CVE ID : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Debian Bug...

7.8CVSS6.7AI score0.0049EPSS
Exploits4
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1052)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.00419EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2018-1051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.00419EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/11 9:7 p.m.45 views

Updated spice-vdagent package fixes security vulnerability

Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed CVE-2017-15108...

7.8CVSS4AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/10 12:0 a.m.33 views

GLSA-201804-09 : SPICE VDAgent: Arbitrary command injection

The remote host is affected by the vulnerability described in GLSA-201804-09 SPICE VDAgent: Arbitrary command injection SPICE VDAgent does not properly escape save directory before passing to shell. Impact : A local attacker could execute arbitrary commands. Workaround : There is no known...

7.8CVSS7.2AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/20 12:0 a.m.26 views

EulerOS 2.0 SP1 : spice-vdagent (EulerOS-SA-2018-1051)

According to the version of the spice-vdagent package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access...

7.8CVSS7.1AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/20 12:0 a.m.33 views

EulerOS 2.0 SP2 : spice-vdagent (EulerOS-SA-2018-1052)

According to the version of the spice-vdagent package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access...

7.8CVSS7.1AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/08 12:0 a.m.31 views

openSUSE Security Update : spice-vdagent (openSUSE-2018-144)

This update for spice-vdagent provides the following fixes : This security issue was fixed : - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed bsc1070724...

7.8CVSS7AI score0.00419EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/02/07 12:0 a.m.25 views

SUSE SLED12 / SLES12 Security Update : spice-vdagent (SUSE-SU-2018:0372-1)

This update for spice-vdagent provides the following fixes: This security issue was fixed : - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed bsc1070724...

7.8CVSS7AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2018/01/20 12:29 a.m.2 views

UBUNTU-CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...

7.8CVSS5.8AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2018/01/20 12:29 a.m.20 views

CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...

7.8CVSS7.9AI score
Exploits0References3
CVE
CVE
added 2018/01/20 12:0 a.m.86 views

CVE-2017-15108

CVE-2017-15108 affects spice-vdagent (versions up to 0.17.0). Root cause: improper escaping of the save directory before passing to a shell, enabling a local attacker with access to the agent’s session to inject arbitrary commands. The Debian advisory notes a fix in 0.17.0-1+deb9u1; other open-so...

7.8CVSS7.4AI score0.00419EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder