CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2026/05/23 6:30 p.m.•9 views

EUVD-2018-21869

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

6.1CVSS5.7AI score0.00203EPSS

Exploits0References2

OSV•added 2024/09/13 2:39 p.m.•12 views

RHSA-2017:0254 Red Hat Security Advisory: spice security update

Bulletin has no description...

7.5CVSS8.1AI score0.03844EPSS

Exploits0References11

OSV•added 2024/09/13 2:7 p.m.•8 views

RHSA-2019:0231 Red Hat Security Advisory: spice security update

Bulletin has no description...

8CVSS7.6AI score0.01208EPSS

Exploits0References7

OSV•added 2024/09/13 10:38 a.m.•6 views

RHSA-2015:1714 Red Hat Security Advisory: spice security update

Bulletin has no description...

6.9CVSS7.6AI score0.01144EPSS

Exploits0References7

OSV•added 2019/02/05 12:57 p.m.•4 views

SUSE-SU-2019:0241-1 Security update for spice

This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslotgetvirt function that could lead to denial-of-service or code-execution bsc1122706...

7.5CVSS7.4AI score0.01208EPSS

Exploits0References3

OSV•added 2019/01/30 12:0 a.m.•24 views

DLA-1649-1 spice - security update

Bulletin has no description...

7.5CVSS7.6AI score0.01208EPSS

Exploits0

OSV•added 2017/07/11 4:3 p.m.•5 views

SUSE-SU-2017:1837-1 Security update for spice

This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations bsc1046779...

8.8CVSS8.9AI score0.04204EPSS

Exploits0References3

OSV•added 2017/02/16 12:0 a.m.•28 views

DSA-3790-1 spice - security update

Bulletin has no description...

8.8CVSS8.1AI score0.03844EPSS

Exploits0

OSV•added 2016/06/09 4:59 p.m.•8 views

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service QEMU-KVM process crash or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow...

9.8CVSS9.7AI score

Exploits0References8

OSV•added 2016/05/07 7:47 a.m.•6 views

SUSE-SU-2016:1259-1 Security update for spice

Spice was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-3247: heap corruption in the spice server bsc944460 CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 CVE-2015-5260: Insufficient validation of surfaceid parameter...

7.8CVSS7.8AI score0.01144EPSS

Exploits0References7

OSV•added 2015/04/02 9:43 a.m.•6 views

SUSE-SU-2015:0884-2 Security update for spice

The remote desktop software SPICE was updated to address one security issue. The following vulnerabilitiy was fixed: A stack-based buffer overflow in the password handling code allowed remote attackers to cause a denial of service crash via a long password in a SPICE ticket. bsc848279, CVE-2013-4...

5CVSS7AI score0.0273EPSS

Exploits2References3

OSV•added 2013/11/02 7:55 p.m.•5 views

CVE-2013-4282

Stack-based buffer overflow in the redshandleticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service crash via a long password in a SPICE ticket...

6.8AI score

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by