Search
Find a vulnerability
Search criteria
2 vulnerabilities found for spice-vdagent by Red Hat, Inc.
CVE-2017-15108 (GCVE-0-2017-15108)
Vulnerability from nvd – Published: 2018-01-20 00:00 – Updated: 2024-08-05 19:50
VLAI
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201804-09 | vendor-advisoryx_refsource_GENTOO |
| https://cgit.freedesktop.org/spice/linux/vd_agent… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | spice-vdagent |
Affected:
up to and including 0.17.0
|
Date Public
2017-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 0.17.0"
}
]
}
],
"datePublic": "2017-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T09:06:16.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15108",
"datePublished": "2018-01-20T00:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:15.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15108 (GCVE-0-2017-15108)
Vulnerability from cvelistv5 – Published: 2018-01-20 00:00 – Updated: 2024-08-05 19:50
VLAI
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201804-09 | vendor-advisoryx_refsource_GENTOO |
| https://cgit.freedesktop.org/spice/linux/vd_agent… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | spice-vdagent |
Affected:
up to and including 0.17.0
|
Date Public
2017-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 0.17.0"
}
]
}
],
"datePublic": "2017-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T09:06:16.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15108",
"datePublished": "2018-01-20T00:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:15.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}