CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-27 22:52:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
efebdd4f2d72a3494ec92163e9e88e00a3646b8a
CVEs-PoC/2017/CVE-2017-15108.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

19 lines
770 B
Markdown
Raw Blame History

### [CVE-2017-15108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15108)
![](https://img.shields.io/static/v1?label=Product&message=spice-vdagent&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=up%20to%20and%20including%200.17.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78&color=brightgreen)
### Description
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/andir/nixos-issue-db-example
- https://github.com/seokjeon/SARD-vs-CVE
Reference in New Issue View Git Blame Copy Permalink