Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OpenVAS
OpenVASadded 2021/06/09 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2016:1259-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.01144EPSS
Exploits0References6
Veracode
Veracodeadded 2019/01/15 9:7 a.m.42 views

Denial Of Service (DoS)

spice-server is vulnerable to denial of service. A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surfaceid" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the...

7.8CVSS7.8AI score0.00575EPSS
Exploits0References15Affected Software1
Tenable Nessus
Tenable Nessusadded 2016/06/17 12:0 a.m.34 views

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1)

spice was updated to fix four security issues. These security issues were fixed : - CVE-2016-2150: Guest escape using crafted primary surface parameters bsc982386. - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction bsc982385. - CVE-2015-5260: Insufficient validation of surfaceid...

10CVSS7.5AI score0.08561EPSS
Exploits0References13
Cvelist
Cvelistadded 2016/06/07 2:0 p.m.21 views

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via QXL commands related to the surfaceid parameter...

8.5AI score0.00575EPSS
Exploits0References10
Debian CVE
Debian CVEadded 2016/06/07 2:0 p.m.20 views

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via QXL commands related to the surfaceid parameter...

7.8CVSS8.7AI score0.00575EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2015/10/15 12:0 a.m.41 views

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2015:1733-1)

Spice was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3247: heap corruption in the spice server bsc944460 - CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 - CVE-2015-5260: Insufficient validation of surfaceid...

7.8CVSS7.3AI score0.01144EPSS
Exploits0References9
RedHat Linux
RedHat Linuxadded 2015/10/12 7:7 p.m.1 views

spice: insufficient validation of surface_id parameter can cause crash

A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surfaceid" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process...

7.8CVSS7.7AI score0.00575EPSS
Exploits0References4
Rows per page
Query Builder