rpm package
opensuse/spice-vdagent&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/spice-vdagent&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25650 | — | < 0.21.0-1.7 | 0.21.0-1.7 | Nov 25, 2020 | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory | ||
| CVE-2017-15108 | Hig | 7.8 | < 0.21.0-1.7 | 0.21.0-1.7 | Jan 20, 2018 | spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. |
- CVE-2020-25650Nov 25, 2020affected < 0.21.0-1.7fixed 0.21.0-1.7
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory
- affected < 0.21.0-1.7fixed 0.21.0-1.7
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.