Lucene search
+L

192 matches found

UbuntuCve
UbuntuCve
added 2018/03/14 12:0 a.m.20 views

CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

10CVSS7AI score0.05544EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2017/09/30 3:8 a.m.133 views

Security update for spice (important)

This update for spice fixes the following security issues: - CVE-2017-7506: Fixed an out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak bsc1046779. This update was imported from the...

6.5CVSS3.6AI score0.04204EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/08/22 12:0 a.m.4 views

spice: Possible buffer overflow via invalid monitor configurations

A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...

8.8CVSS7.2AI score0.04204EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/08/22 12:0 a.m.17 views

Scientific Linux Security Update : spice on SL7.x x86_64 (20170815)

Security Fixes : - A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. CVE-2017-7506 This issue wa...

8.8CVSS7.6AI score0.04204EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/08/16 12:0 a.m.30 views

Oracle Linux 7 : spice (ELSA-2017-2471)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2471 advisory. - Redo build properly versioned as a zstream build Related: CVE-2017-7506 Tenable has extracted the preceding description block directly from the Oracle Linux...

8.8CVSS7.7AI score0.04204EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/08/15 3:49 a.m.5 views

spice: Possible buffer overflow via invalid monitor configurations

A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...

8.8CVSS7.2AI score0.04204EPSS
Exploits0References4
Prion
Prion
added 2017/07/18 3:29 p.m.22 views

Out-of-bounds

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...

6.5CVSS8.3AI score0.04204EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2017/07/18 3:29 p.m.33 views

CVE-2017-7506

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...

8.8CVSS8.5AI score0.04204EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.27 views

Virtuozzo 6 : spice-server / spice-server-devel (VZLSA-2017-0253)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8CVSS7.6AI score0.03844EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.33 views

Virtuozzo 7 : spice-server / spice-server-devel (VZLSA-2017-0254)

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8CVSS7.7AI score0.03844EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/07/11 7:19 a.m.26 views

CVE-2017-7506

A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...

9.1CVSS2.3AI score0.04204EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/03/16 3:26 p.m.5 views

spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution...

8.8CVSS6AI score0.03844EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/03/16 3:25 p.m.5 views

spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution...

8.8CVSS6AI score0.03844EPSS
Exploits0References4
Mageia
Mageia
added 2017/02/23 2:58 p.m.38 views

Updated spice packages fix security vulnerability

An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. CVE-2016-9578...

8.8CVSS2.4AI score0.03844EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/02/07 12:0 a.m.16 views

RedHat Update for spice-server RHSA-2017:0253-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.2AI score0.03844EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/02/07 12:0 a.m.23 views

CentOS Update for spice-server CESA-2017:0253 centos6

Check the version of spice-server SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882652";...

8.8CVSS7.7AI score0.03844EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/02/07 12:0 a.m.23 views

Scientific Linux Security Update : spice-server on SL6.x x86_64 (20170205)

Security Fixes : - A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 - A vulnerability was discovered in spice in...

8.8CVSS7.8AI score0.03844EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/02/07 12:0 a.m.46 views

CentOS 6 : spice-server (CESA-2017:0253)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8CVSS7.7AI score0.03844EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/02/07 12:0 a.m.36 views

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2017:0392-1)

This security update for spice fixes the following issues : - CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via...

8.8CVSS8.2AI score0.03844EPSS
Exploits0References7
OSV
OSV
added 2017/02/06 11:9 a.m.3 views

SUSE-SU-2017:0392-1 Security update for spice

This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a...

8.8CVSS8.4AI score0.03844EPSS
Exploits0References5
Rows per page
Query Builder