20 matches found
EUVD-2018-2939
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-10873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A...
SUSE CVE-2010-0407
Multiple buffer overflows in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled...
SUSE CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
SUSE: Security Advisory (SUSE-SU-2018:2593-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 4.05 : spice-server Multiple Vulnerabilities (NS-SA-2019-0144)
The remote NewStart CGSL host, running version MAIN 4.05, has spice-server packages installed that are affected by multiple vulnerabilities: - A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server,...
Updated spice packages fix security vulnerability
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...
Demarshalling With Improper Bounds Check
libspice-client-glib-2.0.so, libspice-client-gtk-2.0.so, libspice-client-gtk-3.0.so are vulnerable to demarshalling with improper bounds check. The vulnerability exists due to the lack of check where demarshalling could happen at an item position beyond the message end, leading to a denial of...
spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts...
spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts...
Demarshalling With Improper Bounds Check
libspice-client-glib-2.0.so, libspice-client-gtk-2.0.so, libspice-client-gtk-3.0.so are vulnerable to demarshalling with improper bounds check. The vulnerability exists due to the lack of check where demarshalling could happen at an item position beyond the message end, leading to a denial of...
ALPINE-CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
DEBIAN-CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
CVE-2018-10873
CVE-2018-10873 affects SPICE before 0.14.1: a missing bounds check in demarshal.py:write_validate_array_item can be exploited by an authenticated remote peer to crash the SPICE client/server. Public advisories (Debian, IBM, Mageia/CentOS) describe denial of service and potential code execution im...
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,...
pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages
Multiple buffer overflows in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled...
pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages
The MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service daemon crash via crafted SCARDSETATTRIB message data, which is improperly demarshalled and triggers a buffer over-read...
Buffer overflow
The MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service daemon crash via crafted SCARDSETATTRIB message data, which is improperly demarshalled and triggers a buffer over-read...