Spice Vdagent Spice Space Spice Vdagent

Do you want an email whenever new security vulnerabilities are reported in Spice Space Spice Vdagent?

By the Year

In 2024 there have been 0 vulnerabilities in Spice Space Spice Vdagent . Spice Vdagent did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 4 5.93
2019 0 0.00
2018 1 7.80

It may take a day or so for new Spice Vdagent vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Spice Space Spice Vdagent Security Vulnerabilities

A flaw was found in the SPICE file transfer protocol

CVE-2020-25651 6.4 - Medium - November 26, 2020

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Information Disclosure

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections

CVE-2020-25652 5.5 - Medium - November 26, 2020

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Allocation of Resources Without Limits or Throttling

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections

CVE-2020-25653 6.3 - Medium - November 26, 2020

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Race Condition

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine

CVE-2020-25650 5.5 - Medium - November 25, 2020

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.

Allocation of Resources Without Limits or Throttling

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell

CVE-2017-15108 7.8 - High - January 20, 2018

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Spice Space? Click the Watch button to subscribe.

Spice Space
Vendor

subscribe