Lucene search
K

148 matches found

RedHat Linux
RedHat Linux
added 2021/05/18 2:16 p.m.34 views

Moderate: Red Hat Security Advisory: spice-vdagent security and bug fix update

An update for spice-vdagent is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

6.4CVSS6.3AI score0.0049EPSS
Exploits4References8
OSV
OSV
added 2021/05/18 6:5 a.m.27 views

RLSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

6.4CVSS6.4AI score0.0049EPSS
Exploits4References7
Rockylinux
Rockylinux
added 2021/05/18 6:5 a.m.35 views

spice-vdagent security and bug fix update

An update is available for spice-vdagent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The spice-vdagent packages provide a SPICE agent for Linux guests...

6.4CVSS6.3AI score0.0049EPSS
Exploits4
AlmaLinux
AlmaLinux
added 2021/05/18 6:5 a.m.42 views

Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

6.4CVSS6.3AI score0.0049EPSS
Exploits4References4
OSV
OSV
added 2021/05/18 6:5 a.m.26 views

ALSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

6.4CVSS6.3AI score0.0049EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2018:0372-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.00419EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/02/18 12:0 a.m.21 views

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-510977db25)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.4CVSS6.6AI score0.0049EPSS
Exploits4References2
Fedora
Fedora
added 2021/02/12 1:44 a.m.71 views

[SECURITY] Fedora 33 Update: spice-vdagent-0.21.0-1.fc33

Spice agent for Linux guests offering the following features: Features: Client mouse mode no need to grab mouse by client, no mouse lag this is handled by the daemon by feeding mouse events into the kernel via uinput. This will only work if the active X-session is running a spice-vdagent process ...

6.4CVSS0.6AI score0.0049EPSS
Exploits4
OpenVAS
OpenVAS
added 2021/02/12 12:0 a.m.20 views

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-09ce0cdfac)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.4CVSS6.6AI score0.00431EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/01/14 12:0 a.m.20 views

Debian: Security Advisory (DLA-2524-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.7AI score0.0049EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.37 views

Debian DLA-2524-1 : spice-vdagent security update

Several vulnerabilities were discovered in spice-vdagent, a spice guest agent for enchancing SPICE integeration and experience. CVE-2017-15108 spice-vdagent does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to...

7.8CVSS6.6AI score0.0049EPSS
Exploits4References8
Debian
Debian
added 2021/01/13 8:12 a.m.66 views

[SECURITY] [DLA 2524-1] spice-vdagent security update

Debian LTS Advisory DLA-2524-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 13, 2021 https://wiki.debian.org/LTS Package : spice-vdagent Version : 0.17.0-1+deb9u1 CVE ID : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Debian Bug...

7.8CVSS6.7AI score0.0049EPSS
Exploits4
OSV
OSV
added 2021/01/13 12:0 a.m.24 views

DLA-2524-1 spice-vdagent - security update

Bulletin has no description...

7.8CVSS6.2AI score0.0049EPSS
Exploits4
Mageia
Mageia
added 2020/12/29 11:57 a.m.43 views

Updated spice-vdagent package fixes security vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service CVE-2020-25650. Matthias Gerstner discovered that SPICE vdagent incorrectly...

6.4CVSS2.6AI score0.0049EPSS
Exploits4References3
OSV
OSV
added 2020/12/29 11:57 a.m.6 views

MGASA-2020-0474 Updated spice-vdagent package fixes security vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service CVE-2020-25650. Matthias Gerstner discovered that SPICE vdagent incorrectly...

6.4CVSS6AI score0.0049EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.36 views

SUSE SLED15 / SLES15 Security Update : spice-vdagent (SUSE-SU-2020:3268-1)

This update for spice-vdagent fixes the following issues : Security issues fixed : CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781...

6.4CVSS6.1AI score0.0049EPSS
Exploits4References14
NVD
NVD
added 2020/11/26 2:15 a.m.19 views

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

6.4CVSS6.1AI score0.00293EPSS
Exploits1References5
OSV
OSV
added 2020/11/26 2:15 a.m.7 views

AZL-7365 CVE-2020-25653 affecting package spice-vdagent for versions less than 0.22.1-1

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The...

6.3CVSS6.5AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2020/11/26 2:15 a.m.2 views

DEBIAN-CVE-2020-25652

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...

5.5CVSS5.5AI score0.00431EPSS
Exploits1References1
OSV
OSV
added 2020/11/26 2:15 a.m.6 views

AZL-7363 CVE-2020-25651 affecting package spice-vdagent for versions less than 0.22.1-1

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

6.4CVSS6.5AI score0.00293EPSS
Exploits1References1
Rows per page
Query Builder