Vulnerabilities > Spice Project > Spice > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-11 | CVE-2018-10893 | Heap-based Buffer Overflow vulnerability in Spice Project Spice Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. | 8.8 |
2018-07-27 | CVE-2016-9578 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. | 7.5 |
2018-07-27 | CVE-2016-9577 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. | 8.8 |
2017-07-18 | CVE-2017-7506 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Spice Project Spice spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | 8.8 |
2016-06-07 | CVE-2015-5260 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. | 7.8 |