Spice-space Spice-vdagent — known CVE vulnerabilities
Every CVE whose affected-product data names Spice-space Spice-vdagent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2017-15108 — CVSS 7.8 (high): spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with…
CVE-2020-25651 — CVSS 6.4 (medium): A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client…
CVE-2020-25653 — CVSS 6.3 (medium): A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an…
CVE-2020-25652 — CVSS 5.5 (medium): A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX…
CVE-2020-25650 — CVSS 5.5 (medium): A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged…
CVE-2026-57965 — CVSS 5.1 (medium): A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted…
CVE-2026-57966 — CVSS 4.4 (medium): A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files…