spice_project 漏洞與 CVE 列表(15)

產品(CPE): — CVE 數: 15

spice_project 漏洞概覽

彙總 spice_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 緩衝區溢位與輸入驗證問題,在 生產負載與軟體部署 使用場景中可能帶來 應用程式崩潰、記憶體損壞與異常行為 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11515 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2021-20201 A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. [email protected] 5.3 2.65% 2021-05-28 2026-06-16
CVE-2020-14355 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. [email protected] 6.6 2.66% 2020-10-07 2026-06-16
CVE-2019-3813 Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. [email protected] 7.5 1.21% 2019-02-04 2026-06-16
CVE-2018-10893 Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. [email protected] 7.6 2.36% 2018-09-11 2026-06-16
CVE-2018-10873 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. [email protected] 8.3 3.93% 2018-08-17 2026-06-16
CVE-2016-9578 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. [email protected] 7.5 2.49% 2018-07-27 2026-06-16
CVE-2016-9577 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. [email protected] 7.5 3.84% 2018-07-27 2026-06-16
CVE-2017-7506 spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. [email protected] 8.8 4.20% 2017-07-18 2026-06-16
CVE-2016-2150 SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. [email protected] 7.1 0.37% 2016-06-09 2026-06-16
CVE-2016-0749 The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. [email protected] 9.8 8.49% 2016-06-09 2026-06-16
CVE-2015-5261 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. [email protected] 7.1 0.49% 2016-06-07 2026-06-16
CVE-2015-5260 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. [email protected] 7.8 0.57% 2016-06-07 2026-06-16
CVE-2015-3247 Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. [email protected] 6.9 1.14% 2015-09-08 2026-06-16
CVE-2013-4282 Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. [email protected] 5.0 2.73% 2013-11-02 2026-06-16
CVE-2013-4130 The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. [email protected] 5.0 2.63% 2013-08-20 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence