rpm package
suse/spice&distro=SUSE Linux Enterprise Server 12
pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2150 | Hig | 7.1 | < 0.12.4-8.9.1 | 0.12.4-8.9.1 | Jun 9, 2016 | SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | |
| CVE-2016-0749 | Cri | 9.8 | < 0.12.4-8.9.1 | 0.12.4-8.9.1 | Jun 9, 2016 | The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | |
| CVE-2015-5261 | Hig | 7.1 | < 0.12.4-8.5.1 | 0.12.4-8.5.1 | Jun 7, 2016 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. | |
| CVE-2015-5260 | Hig | 7.8 | < 0.12.4-8.5.1 | 0.12.4-8.5.1 | Jun 7, 2016 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. | |
| CVE-2015-3247 | — | < 0.12.4-8.5.1 | 0.12.4-8.5.1 | Sep 8, 2015 | Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. | ||
| CVE-2013-4282 | — | < 0.12.4-6.1 | 0.12.4-6.1 | Nov 2, 2013 | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. |
- affected < 0.12.4-8.9.1fixed 0.12.4-8.9.1
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
- affected < 0.12.4-8.9.1fixed 0.12.4-8.9.1
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
- affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
- affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
- CVE-2015-3247Sep 8, 2015affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
- CVE-2013-4282Nov 2, 2013affected < 0.12.4-6.1fixed 0.12.4-6.1
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.