- Home
- CVEs with nessus.description==Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2016-0749 Jing Zhao of Red Hat discovered a memory allocation flaw, leading to a heap-based buffer overflow in spice's smartcard interaction. A user connecting to a guest VM via spice can take advantage of this flaw to cause a denial-of-service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.
- CVE-2016-2150 Frediano Ziglio of Red Hat discovered that a malicious guest inside a virtual machine can take control of the corresponding QEMU process in the host using crafted primary surface parameters.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top