1741 matches found
CVE-2018-25349
The CVE-2018-25349 vulnerability affects userSpice 4.3.24. A cross-site scripting flaw arises from crafted X-Forwarded-For header values sent to backup.php, with scripts executing when administrators visit the audit log page. This is the explicit impact described in the connected records. No reme...
EUVD-2018-21869
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...
Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016611 advisory. A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with acce...
Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016625 advisory. A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to...
Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016615)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016615 advisory. A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: spice (UTSA-2026-016591)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016591 advisory. A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by performing...
Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016620)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016620 advisory. A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: spice (UTSA-2026-016604)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016604 advisory. Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clie...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2475 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42587 Source advisory: SNYK:JAVA-IONETTY-16438929...
Astra Linux - уязвимость в spice
A flaw was discovered in the spice library in versions prior to 0.14.92. A DoS tool could make it easier for remote attackers to cause a denial of service CPU consumption by performing multiple renegotiations within a single connection...
Astra Linux - уязвимость в qemu
A flaw was discovered in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. This flaw occurs when dropping packets during a bulk transfer from a SPICE client, due to the packet queue being full. A malicious SPICE client could exploit this flaw to call the free function in...
RHSA-2026:2529 Red Hat Security Advisory: spice-client-win security update
Bulletin has no description...
RHSA-2026:2528 Red Hat Security Advisory: spice-client-win security update
Bulletin has no description...
RHSA-2026:2513 Red Hat Security Advisory: spice-client-win security update
Bulletin has no description...
Important: Red Hat Security Advisory: spice-client-win security update
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Important: Red Hat Security Advisory: spice-client-win security update
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
RHSA-2026:2514 Red Hat Security Advisory: spice-client-win security update
Bulletin has no description...
spice-client-win security update
An update is available for spice-client-win. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Spice client MSI installers for Windows clients Security Fixes:...
Important: Red Hat Security Advisory: spice-client-win security update
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Important: Red Hat Security Advisory: spice-client-win security update
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...