View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-15108 severity important: SUSE including 11 source package names (spice-vdagent, spice-vdagent-0.16.0-8.5.15, …), 39 product×package rows across 39 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (39 product lines)): Fixed 26, Known Not Affected 13.
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.