VYPR

rpm package

opensuse/spice-vdagent&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/spice-vdagent&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2020-25650Nov 25, 2020
    affected < 0.21.0-1.7fixed 0.21.0-1.7

    A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory

  • CVE-2017-15108HigJan 20, 2018
    affected < 0.21.0-1.7fixed 0.21.0-1.7

    spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.