Search CVE reports
11 – 20 of 32 results
Some fixes available 18 of 153
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20 affected packages
android, basilisk2, bochs, fs-uae, libslirp...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| android | Not in release | Not in release | Not in release | Not in release | Not in release |
| basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libslirp | Not affected | Not affected | Not affected | Not affected | Not in release |
| ns3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
| qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
| qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release | Not in release |
| qemu-linaro | Not in release | Not in release | Not in release | Not in release | Not in release |
| redboot-imx | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| slirp4netns | Not affected | Not affected | Not affected | Not affected | Not in release |
| vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| virtualbox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| virtualbox-hwe | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| virtualbox-lts-vivid | Not in release | Not in release | Not in release | Not in release | Not in release |
| virtualbox-lts-wily | Not in release | Not in release | Not in release | Not in release | Not in release |
| virtualbox-lts-xenial | Not in release | Not in release | Not in release | Not in release | Not in release |
| xen | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 18 of 105
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
13 affected packages
android, basilisk2, bochs, fs-uae, libslirp...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| android | Not in release | Not in release | Not in release | Not in release | Not in release |
| basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libslirp | Not affected | Not affected | Not affected | Not affected | Not in release |
| qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
| qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
| qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release | Not in release |
| qemu-linaro | Not in release | Not in release | Not in release | Not in release | Not in release |
| slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| slirp4netns | Not affected | Not affected | Not affected | Not affected | Not in release |
| vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xen | Not affected | Not affected | Not affected | Not affected | Not affected |
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice | — | — | — | — | Fixed |
| spice-gtk | — | — | — | — | Not affected |
| spice-protocol | — | — | — | — | Not affected |
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
1 affected package
spice-gtk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice-gtk | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 19 of 20
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially...
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice | Fixed | Fixed | Fixed | Fixed | Fixed |
| spice-gtk | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| spice-protocol | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 20 of 22
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of a malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of...
3 affected packages
spice, spice-gtk, spice-protocol
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice | Fixed | Fixed | Fixed | Fixed | Fixed |
| spice-gtk | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| spice-protocol | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 17 of 19
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to the shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
1 affected package
spice-vdagent
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice-vdagent | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak.
1 affected package
spice
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice | — | — | — | — | — |
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
1 affected package
spice-gtk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice-gtk | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 4 of 5
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
1 affected package
spice
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| spice | — | — | — | — | — |