Known Vulnerabilities for Spice by Spice Project
Listed below are 10 of the newest known vulnerabilities associated with "Spice" by "Spice Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-48130 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spic... | Not Provided | 2025-06-09 | 2026-04-01 |
| CVE-2025-39532 json | Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access ... | Not Provided | 2025-04-17 | 2026-04-01 |
| CVE-2024-44003 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Start... | Not Provided | 2024-09-18 | 2026-04-01 |
| CVE-2021-20201 json | A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial ... | 5.3 - MEDIUM | 2021-05-28 | 2022-10-21 |
| CVE-2020-14355 json | Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, be... | 6.6 - MEDIUM | 2020-10-07 | 2023-11-09 |
| CVE-2019-3813 json | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.... | 7.5 - HIGH | 2019-02-04 | 2022-04-26 |
| CVE-2018-10893 json | Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A ma... | 8.8 - HIGH | 2018-09-11 | 2023-02-12 |
| CVE-2018-10873 json | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked... | 8.8 - HIGH | 2018-08-17 | 2019-10-09 |
| CVE-2017-7506 json | spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from auth... | 8.8 - HIGH | 2017-07-18 | 2023-02-12 |
| CVE-2016-9578 json | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the ... | 7.5 - HIGH | 2018-07-27 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Spice Project | Spice | 0.9.1 | |||
| Application | Spice Project | Spice | 0.9.0 | |||
| Application | Spice Project | Spice | 0.8.3 | |||
| Application | Spice Project | Spice | 0.8.2 | |||
| Application | Spice Project | Spice | 0.8.1 | |||
| Application | Spice Project | Spice | 0.8.0 | |||
| Application | Spice Project | Spice | 0.7.3 | |||
| Application | Spice Project | Spice | 0.7.2 | |||
| Application | Spice Project | Spice | 0.7.1 | |||
| Application | Spice Project | Spice | 0.7.0 | |||
| Application | Spice Project | Spice | 0.6.4 | |||
| Application | Spice Project | Spice | 0.6.3 | |||
| Application | Spice Project | Spice | 0.6.2 | |||
| Application | Spice Project | Spice | 0.6.1 | |||
| Application | Spice Project | Spice | 0.6.0 | |||
| Application | Spice Project | Spice | 0.5.3 | |||
| Application | Spice Project | Spice | 0.5.2 | |||
| Application | Spice Project | Spice | 0.14.1 | |||
| Application | Spice Project | Spice | 0.14.0 | |||
| Application | Spice Project | Spice | 0.13.91 |