VYPR

rpm package

suse/spice&distro=SUSE Linux Enterprise Server 12

pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012

Vulnerabilities (6)

  • CVE-2016-2150HigJun 9, 2016
    affected < 0.12.4-8.9.1fixed 0.12.4-8.9.1

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

  • CVE-2016-0749CriJun 9, 2016
    affected < 0.12.4-8.9.1fixed 0.12.4-8.9.1

    The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

  • CVE-2015-5261HigJun 7, 2016
    affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

  • CVE-2015-5260HigJun 7, 2016
    affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

  • CVE-2015-3247Sep 8, 2015
    affected < 0.12.4-8.5.1fixed 0.12.4-8.5.1

    Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.

  • CVE-2013-4282Nov 2, 2013
    affected < 0.12.4-6.1fixed 0.12.4-6.1

    Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.