Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-15108

Опубликовано: 20 янв. 2018
Источник: ubuntu
Приоритет: medium
CVSS2: 4.6
CVSS3: 7.8

Описание

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

РелизСтатусПримечание
artful

ignored

end of life
bionic

released

0.17.0-1ubuntu2
cosmic

released

0.17.0-1ubuntu2
devel

released

0.17.0-1ubuntu2
disco

released

0.17.0-1ubuntu2
eoan

released

0.17.0-1ubuntu2
esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
esm-infra/bionic

released

0.17.0-1ubuntu2
esm-infra/focal

released

0.17.0-1ubuntu2

Показывать по

Ссылки на источники

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-15108

CVSS3: 7.8
nvd
около 8 лет назад

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

debian логотип

CVE-2017-15108

CVSS3: 7.8
debian
около 8 лет назад

spice-vdagent up to and including 0.17.0 does not properly escape save ...

suse-cvrf логотип

openSUSE-SU-2018:0399-1

suse-cvrf
почти 8 лет назад

security update for spice-vdagent

suse-cvrf логотип

SUSE-SU-2018:0372-1

suse-cvrf
около 8 лет назад

security update for spice-vdagent

github логотип

GHSA-rx22-vq3w-89rg

CVSS3: 7.8
github
больше 3 лет назад

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

4.6 Medium

CVSS2

7.8 High

CVSS3