Latest spice project spice Vulnerabilities

CVE-2021-20201
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a sin...
Spice Project Spice<0.14.92
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
redhat/spice<0.14.92
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affec...
debian/spice<=0.14.0-1.3<=0.14.3-1
Spice Project Spice<0.14.2
Redhat Openstack=16.1
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 25 more
CVE-2019-3813
An off-by-one error was found in spice when accessing arrays. A malicious guest user can use this for a host denial of service.
debian/spice
redhat/spice<0.14.2
debian/spice<=0.14.0-1.2<=0.12.8-2.1<=0.12.8-2.1+deb9u2
Spice Project Spice>=0.5.2<=0.14.1
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
and 13 more
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arb...
Spice Project Spice
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authenticati...
redhat/spice<0.14.1
redhat/spice-gtk<0.36
ubuntu/spice<0.14.0-1ubuntu4
ubuntu/spice<0.14.0-1ubuntu4
ubuntu/spice<0.14.0-1ubuntu4
ubuntu/spice<0.14.0-1ubuntu4
and 51 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203