Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016611 advisory. A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with acce...

Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016620 advisory. A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local...

MiracleLinux 8 : spice-vdagent-0.20.0-3.el8 (AXSA:2021-2117:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2117:03 advisory. spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID...

EUVD-2020-18315

Malware in sbrugna...

EUVD-2017-6573

Malware in sbrugna...

EUVD-2020-18314

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-25650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with...

Linux Distros Unpatched Vulnerability : CVE-2020-25651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate...

TencentOS Server 3: spice-vdagent (TSSA-2022:0084)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0084 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0084: spice-vdagent (ALINUX3-SA-2022:0084)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0084 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25650: A flaw was found in the wa...

Linux Distros Unpatched Vulnerability : CVE-2017-15108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the...

RHSA-2021:1791 Red Hat Security Advisory: spice-vdagent security and bug fix update

Bulletin has no description...

RHEL 6 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 Note that Nessus has not...

RHEL 7 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 Note that Nessus has not...

RHEL 7 : spice-vdagent-win (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rhevm: spice service unquoted search path CVE-2013-2152 Note that Nessus has not tested for this issue but has...

RHEL 6 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

RHEL 7 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

SUSE CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...

SUSE CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

SUSE CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...