suse · CVE-2017-15108

Quick triage

Priority: high Published: 2021-05-30 14:02:53 UTC Updated: 2026-04-17 15:53:16 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-15108 severity important: SUSE including 11 source package names (spice-vdagent, spice-vdagent-0.16.0-8.5.15, …), 39 product×package rows across 39 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (39 product lines)): Fixed 26, Known Not Affected 13.

Description:

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

cvelogic Threat Intelligence