| Max CVSS | 10.0 | Min CVSS | 3.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-5260 | 7.2 |
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter
|
13-02-2023 - 00:52 | 07-06-2016 - 14:06 | |
| CVE-2016-0749 | 10.0 |
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
|
12-02-2023 - 23:16 | 09-06-2016 - 16:59 | |
| CVE-2016-2150 | 3.6 |
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
|
22-04-2019 - 17:48 | 09-06-2016 - 16:59 | |
| CVE-2015-5261 | 3.6 |
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
|
16-09-2017 - 01:29 | 07-06-2016 - 14:06 |