Lucene search
K

144 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-57965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This...

5.1CVSS6.1AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago11 views

Linux Distros Unpatched Vulnerability : CVE-2026-57966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on th...

4.4CVSS6AI score0.00137EPSS
Exploits0References3
NVD
NVD
added last week9 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS0.00123EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00137EPSS
Exploits0References2
OSV
OSV
added last week3 views

UBUNTU-CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-57964

A flaw was found in spice-vdagent. On macOS and BSD platforms, an unprivileged local user can bypass authentication by connecting to the Unix Domain Socket Client/Server UDSCS socket. This allows the unauthorized user to receive host-to-guest messages, including clipboard data and file transfers,...

5.3CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added last week33 views

CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-40050

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week4 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0
CVE
CVE
added last week15 views

CVE-2026-57966

Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
CVE
CVE
added last week12 views

CVE-2026-57965

CVE-2026-57965 describes a vulnerability in spice-vdagent where an integer overflow in udscs_write() can cause a heap buffer overflow, crashing the spice-vdagent daemon and resulting in a Denial of Service for the guest VM. Exploitation requires a malicious or compromised SPICE host, i.e., an unt...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added last week32 views

CVE-2026-57965 Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS0.00123EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-40049

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week5 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53237

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A flaw exists where a malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This occurs within the udscs write function, which can...

5.1CVSS6.3AI score0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53238

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...

4.4CVSS6.1AI score0.00137EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016611 advisory. A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with acce...

5.5CVSS5.8AI score0.0049EPSS
Exploits1References4
Rows per page
Query Builder