Search criteria
2 vulnerabilities found for spice-vdagent by Red Hat, Inc.
CVE-2017-15108 (GCVE-0-2017-15108)
Vulnerability from cvelistv5 – Published: 2018-01-20 00:00 – Updated: 2024-08-05 19:50
VLAI?
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | spice-vdagent |
Affected:
up to and including 0.17.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 0.17.0"
}
]
}
],
"datePublic": "2017-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T09:06:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15108",
"datePublished": "2018-01-20T00:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:15.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15108 (GCVE-0-2017-15108)
Vulnerability from nvd – Published: 2018-01-20 00:00 – Updated: 2024-08-05 19:50
VLAI?
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | spice-vdagent |
Affected:
up to and including 0.17.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 0.17.0"
}
]
}
],
"datePublic": "2017-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T09:06:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201804-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15108",
"datePublished": "2018-01-20T00:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:15.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}