CVE-2026-57965

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

5.1

MEDIUM

Description détaillée

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Références et Patchs

https://access.redhat.com/security/cve/CVE-2026-57965 https://bugzilla.redhat.com/show_bug.cgi?id=2493581

Dernières Vulnérabilités

CVE-2026-57346

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

VOIR DÉTAILS

CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

VOIR DÉTAILS

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

VOIR DÉTAILS