Known Vulnerabilities for products from Spice Project
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Spice Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-20201 | A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial ... | 5.3 - MEDIUM | 2021-05-28 | 2022-10-21 |
| CVE-2020-14355 | Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, be... | 6.6 - MEDIUM | 2020-10-07 | 2023-11-09 |
| CVE-2019-3813 | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.... | 7.5 - HIGH | 2019-02-04 | 2022-04-26 |
| CVE-2018-10893 | Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A ma... | 8.8 - HIGH | 2018-09-11 | 2023-02-12 |
| CVE-2018-10873 | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked... | 8.8 - HIGH | 2018-08-17 | 2019-10-09 |
| CVE-2017-7506 | spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from auth... | 8.8 - HIGH | 2017-07-18 | 2023-02-12 |
| CVE-2016-9578 | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the ... | 7.5 - HIGH | 2018-07-27 | 2023-11-07 |
| CVE-2016-9577 | A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could sen... | 8.8 - HIGH | 2018-07-27 | 2023-11-07 |
| CVE-2016-2150 | SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parame... | 7.1 - HIGH | 2016-06-09 | 2019-04-22 |
| CVE-2016-0749 | The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly ... | 9.8 - CRITICAL | 2016-06-09 | 2023-02-12 |
| CVE-2015-5261 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on th... | 7.1 - HIGH | 2016-06-07 | 2017-09-16 |
| CVE-2015-5260 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corru... | 7.8 - HIGH | 2016-06-07 | 2023-02-13 |
| CVE-2015-3247 | Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to caus... | 6.9 - MEDIUM | 2015-09-08 | 2023-02-12 |
| CVE-2013-4282 | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to ca... | 5 - MEDIUM | 2013-11-02 | 2023-02-13 |
| CVE-2013-4130 | The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before ... | 5 - MEDIUM | 2013-08-20 | 2014-01-24 |