Vulnerabilities > Spice Space > Spice Vdagent
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-26 | CVE-2020-25653 | Race Condition vulnerability in multiple products A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. | 6.3 |
| 2020-11-26 | CVE-2020-25652 | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. | 5.5 |
| 2020-11-26 | CVE-2020-25651 | A flaw was found in the SPICE file transfer protocol. | 6.4 |
| 2020-11-25 | CVE-2020-25650 | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. | 5.5 |
| 2018-01-20 | CVE-2017-15108 | spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | 7.8 |