Vulnerabilities > Spice Project > Spice > 0.12.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-28 | CVE-2021-20201 | A flaw was found in spice in versions before 0.14.92. | 5.3 |
| 2020-10-07 | CVE-2020-14355 | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. | 6.6 |
| 2019-02-04 | CVE-2019-3813 | Off-by-one Error vulnerability in multiple products Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. | 5.4 |
| 2018-08-17 | CVE-2018-10873 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. | 6.5 |
| 2018-07-27 | CVE-2016-9578 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. | 7.5 |
| 2018-07-27 | CVE-2016-9577 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. | 8.8 |
| 2017-07-18 | CVE-2017-7506 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Spice Project Spice spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | 8.8 |