Lucene search
K
OracleVm Server

38 matches found

CVE
CVE
added 2014/02/06 2:0 a.m.15494 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

4.3CVSS8.4AI score0.04664EPSS
CVE
CVE
added 2016/03/22 10:0 a.m.1287 views

CVE-2016-3115

OpenSSH CVE-2016-3115 affects sshd in OpenSSH prior to 7.2p2. The vulnerability arises from CRLF injection via crafted X11 forwarding data in session.c (related to do_authenticated1 and session_x11_req), allowing a remote authenticated user to bypass shell-command restrictions. In practice, affec...

6.4CVSS6.8AI score0.37016EPSS
CVE
CVE
added 2016/09/28 10:0 a.m.520 views

CVE-2016-2776

CVE-2016-2776 describes a denial-of-service in ISC BIND where a crafted DNS query leads to an assertion failure in buffer.c while building responses, causing named to exit. Affected products/versions include BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3. The root ca...

7.8CVSS6.4AI score0.89482EPSS
CVE
CVE
added 2015/12/16 3:0 p.m.476 views

CVE-2015-8000

CVE-2015-8000 affects ISC BIND 9.x (before 9.9.8-P2 and 9.10.x before 9.10.3-P2). A flaw in db.c parsing incoming responses allows remote DoS via a malformed class attribute, causing an assertion failure and daemon exit. F5’s advisory notes vulnerability presence in BIG-IP family components that ...

5CVSS6.7AI score0.5469EPSS
CVE
CVE
added 2016/03/13 6:0 p.m.276 views

CVE-2016-1950

CVE-2016-1950 is a real NSS vulnerability: a heap-based buffer overflow in the ASN.1 DER parser allows remote code execution via crafted data in X.509 certificates. Affected NSS releases include 3.19.2.3 and 3.20.x, and 3.21.x before 3.21.1; it affects Mozilla Firefox up to 45.0 and Firefox ESR 3...

8.8CVSS7.9AI score0.04192EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.276 views

CVE-2016-6197

CVE-2016-6197 affects the OverlayFS implementation (fs/overlayfs/dir.c) in the Linux kernel before 4.6. The flaw allows a local user to cause a denial of service (system crash) by a rename that specifies a self-hardlink, due to incomplete verification of the upper dentry during unlink/rename. Exp...

5.5CVSS5.4AI score0.00486EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.248 views

CVE-2016-5696

Technical details about CVE-2016-5696 are not publicly provided in the supplied connected documents; monitor for updates.

5.8CVSS6.3AI score0.15073EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.245 views

CVE-2016-4447

CVE-2016-4447 affects libxml2 up to version before 2.9.4. The vulnerability is in the xmlParseElementDecl function (parser.c) where a crafted file via xmlParseName can cause a heap-based buffer underread, leading to denial of service (application crash). Remediation: upgrade to libxml2 2.9.4 or n...

7.5CVSS8.1AI score0.1398EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.231 views

CVE-2015-2721

CVE-2015-2721 (NSS) arises from NSS not correctly handling TLS state machine transitions, allowing a MITM to bypass forward secrecy by blocking the ServerKeyExchange message (the SMACK SKIP-TLS issue). Affected: NSS libraries used by Mozilla Firefox/Thunderbird and related products; impact includ...

4.3CVSS4.1AI score0.03275EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.227 views

CVE-2015-3195

CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...

5.3CVSS6.3AI score0.38709EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.223 views

CVE-2016-4448

CVE-2016-4448 is a format-string vulnerability in libxml2 (pre-2.9.4). The connected F5 advisory confirms libxml2 is the vulnerable component across multiple BIG-IP products and lists specific BIG-IP families/versions as vulnerable, with a table guiding upgrades to non‑vulnerable releases. Impact...

10CVSS9.5AI score0.07039EPSS
CVE
CVE
added 2016/10/16 9:0 p.m.222 views

CVE-2016-7039

CVE-2016-7039 affects the Linux kernel IP stack up to version 4.8.2. An attacker can trigger the GRO path with large crafted packets (e.g., VLAN header packets), causing stack consumption and a possible panic/DoS; this is related to CVE-2016-8666. Nessus/UTSA advisories for Unity Linux reference ...

7.8CVSS7.8AI score0.07613EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.206 views

CVE-2016-4470

CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...

5.5CVSS5.8AI score0.00582EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.200 views

CVE-2015-2730

CVE-2015-2730 affects Mozilla NSS (and NSS-used components such as Firefox/NSS bundles) with improper ECC multiplication handling that can enable remote signature forgery of ECDSA signatures. Connected advisories confirm the vulnerability in NSS prior to 3.19.1 and document mitigation through upg...

4.3CVSS4.3AI score0.03594EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.193 views

CVE-2016-3627

CVE-2016-9596, related to libxml2 used in Red Hat JBoss Core Services, allows a denial of service via crafted XML when in recovery mode. This vulnerability exists because of an incorrect fix for CVE-2016-3627 and results in stack consumption. The issue is specifically described as a DoS (stack gr...

7.5CVSS7AI score0.07025EPSS
CVE
CVE
added 2016/05/11 9:0 p.m.190 views

CVE-2016-3710

CVE-2016-3710 : A bounds-checking flaw in QEMU’s VGA module (VBE read/write via I/O ports) allows a privileged guest to modify banked video memory and execute arbitrary code on the host with QEMU process privileges. Root cause: out-of-bounds read/write in VGA bank access. Impact: potential host c...

8.8CVSS8.7AI score0.00916EPSS
CVE
CVE
added 2016/08/02 4:0 p.m.189 views

CVE-2016-5403

CVE-2016-5403 affects QEMU’s virtio path (virtqueue_pop in hw/virtio/virtio.c). A local guest OS administrator can cause a denial of service via unbounded memory allocation by submitting virtqueue requests without waiting for completion, potentially crashing the QEMU process. Public postings acro...

5.5CVSS5.9AI score0.0052EPSS
CVE
CVE
added 2013/02/08 7:0 p.m.179 views

CVE-2013-1620

The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing-side‑channel flaw during a noncompliant CBC padding (MAC check) processing for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext-recovery through timing ana...

4.3CVSS6.7AI score0.03723EPSS
CVE
CVE
added 2016/05/02 10:0 a.m.176 views

CVE-2016-2117

CVE-2016-2117 affects the Atheros L2 ethernet driver (atl2) in the Linux kernel up to version 4.5.2. The root cause is incorrect enablement of scatter/gather I/O, which can allow a remote attacker to read packet data and potentially obtain sensitive kernel memory information. Public documents fro...

7.5CVSS7.8AI score0.06386EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.174 views

CVE-2014-1490

CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

9.3CVSS8.8AI score0.0399EPSS
CVE
CVE
added 2023/09/20 8:39 p.m.155 views

CVE-2023-22024

CVE-2023-22024 affects the Unbreakable Enterprise Kernel (UEK) RDS module, where two setsockopt options (RDS_CONN_RESET and RDS6_CONN_RESET) are not re-entrant. A local attacker with CAP_NET_ADMIN can crash the kernel. Connected advisories (e.g., Oracle ELSA updates) indicate a security update ad...

5.5CVSS5.2AI score0.00168EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.149 views

CVE-2016-6198

CVE-2016-6198 affects the Linux kernel (pre-4.5.5) in its OverlayFS path. The bug occurs when a file under OverlayFS is renamed to a self-hardlink, causing post-rename operations to run and potentially crash the kernel. Local users can trigger a denial of service (system crash) via a rename sysca...

5.5CVSS6AI score0.00613EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.141 views

CVE-2013-0791

The connected Nessus advisories confirm CVE-2013-0791 affects Mozilla NSS and upstream products via CERT_DecodeCertPackage, allowing remote doS through out-of-bounds reads and memory corruption when processing crafted certificates. Affected: NSS libraries and apps (Firefox before 20.0, ESR 17.x b...

5CVSS5.5AI score0.05213EPSS
CVE
CVE
added 2016/05/11 9:0 p.m.137 views

CVE-2016-3712

The CVE-2016-3712 issue affects QEMU’s VGA emulator (VBE mode) where an integer overflow/out-of-bounds read occurs when editing VGA registers, enabling a privileged guest to crash the QEMU host process (DoS). Multiple connected advisories reference this CVE as part of a set of QEMU/VGA vulnerabil...

5.5CVSS6.4AI score0.00513EPSS
CVE
CVE
added 2016/09/21 6:0 p.m.128 views

CVE-2016-3991

LibTIFF 4.0.6 and earlier is affected by CVE-2016-3991 via the tiffcrop tool. The root cause is a heap-based buffer overflow in loadImage(): when TIFFNumberOfTiles() returns 0, loadImage() still reads tile data and allocates 3 bytes per tile, causing a heap overflow if the tile data exceeds 3 byt...

7.8CVSS8.9AI score0.03853EPSS
CVE
CVE
added 2016/01/08 7:0 p.m.122 views

CVE-2015-8668

CVE-2015-8668 is a heap-based buffer overflow in the PackBitsPreEncode function of tif_packbits.c used by bmp2tiff in libtiff (versions

9.8CVSS9.7AI score0.13722EPSS
CVE
CVE
added 2016/09/21 6:0 p.m.117 views

CVE-2016-3945

CVE-2016-3945 : LibTIFF’s tiff2rgba handles a crafted TIFF image (width/height anomalies in cvt_by_strip and cvt_by_tile) that leads to an out-of-bounds write, enabling possible denial of service or arbitrary code execution. Root cause: improper buffer allocation in those functions when -b mode i...

7.8CVSS8.7AI score0.03377EPSS
CVE
CVE
added 2016/09/21 6:0 p.m.110 views

CVE-2016-3990

CVE-2016-3990 is a heap-based buffer overflow in LibTIFF 4.0.6 and earlier, located in horizontalDifference8() of tif_pixarlog.c. Exploitation via a crafted TIFF image passed to tiffcp can cause denial of service or arbitrary code execution. Public advisories from Debian and Arch Linux, and F5 no...

7.8CVSS8.3AI score0.03886EPSS
CVE
CVE
added 2016/04/19 2:0 p.m.94 views

CVE-2016-3960

CVE-2016-3960 affects the Xen hypervisor’s x86 shadow pagetable code. The issue is an integer overflow in shadow pagetables that local guest OS users can exploit to cause a host crash (DoS) or potentially gain host privileges by shadowing a superpage mapping. Public advisories (e.g., SUSE/openSUS...

8.8CVSS8.5AI score0.00455EPSS
CVE
CVE
added 2016/09/21 6:0 p.m.92 views

CVE-2016-3632

LibTIFF 4.0.6 and earlier contains an out-of-bounds write in _TIFFVGetField() (tif_dirinfo.c) that can allow remote attackers to cause a denial of service or execute arbitrary code via a crafted TIFF image. Impact is consistent with remote code execution or crash when processing TIFFs. Mitigation...

7.8CVSS8.7AI score0.03123EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.89 views

CVE-2016-3159

CVE-2016-3159 affects Xen 4.x on AMD64, where the fpu_fxrstor handler in arch/x86/i387.c mishandles writes to the FSW.ES bit, enabling a local guest to read sensitive register content from another guest by exploiting pending exception/mask bits. The issue stems from an incorrect fix for CVE-2013-...

3.8CVSS6AI score0.00399EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.87 views

CVE-2016-3158

CVE-2016-3158 concerns the Xen hypervisor. The vulnerability stems from the xrstor function in arch/x86/xstate.c when running on AMD64 processors, where writes to the hardware FSW.ES bit are not properly handled. This could allow a local guest OS user to obtain sensitive register content from ano...

3.8CVSS6AI score0.0041EPSS
CVE
CVE
added 2016/02/19 4:0 p.m.86 views

CVE-2016-2270

CVE-2016-2270 affects Xen 4.6.x and earlier. The root cause is inconsistent cachability settings on MMIO guest mappings, as evidenced by multiple mappings of MMIO pages with different cachability, which can be exploited by a local guest administrator to trigger a host denial of service (host rebo...

6.8CVSS6.8AI score0.01481EPSS
CVE
CVE
added 2016/05/18 2:0 p.m.74 views

CVE-2016-4480

CVE-2016-4480 affects Xen 4.6.x and earlier. The vulnerability in arch/x86/mm/guest_walk.c mishandles the PS bit in L3/L4 Page Tables, potentially enabling local guest OS users to gain privileges via a crafted memory mapping. Exploitation is local with low complexity; impact is privilege escalati...

8.4CVSS8.2AI score0.00542EPSS
CVE
CVE
added 2016/06/07 2:0 p.m.74 views

CVE-2016-4962

CVE-2016-4962 affects Xen’s libxl device-handling in Xen 4.6.x and earlier. It can allow local guest administrators to cause a denial of service or gain host OS privileges by manipulating xenstore. Connected advisories indicate this vulnerability was addressed in Xen updates by vendors (e.g., SUS...

6.8CVSS6.7AI score0.00399EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.61 views

CVE-2017-3242

CVE-2017-3242 affects Oracle VM Server for Sparc (LDOM Manager subcomponent). Affected: 3.2 and 3.4. Vulnerability allows a low-privileged user with logon to the infrastructure to compromise the server; successful attacks require user interaction and may cause a hang or frequent crashes (partial/...

5.9CVSS5.8AI score0.00351EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.58 views

CVE-2020-2571

CVE-2020-2571 affects Oracle VM Server for SPARC (Templates), with vulnerability resting in version 3.6. The flaw can be triggered by a locally present attacker who has logon to the infrastructure and requires user interaction to exploit, potentially leading to unauthorized updates or reads in Or...

3.3CVSS3.4AI score0.00427EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.57 views

CVE-2015-0452

The CVE-2015-0452 entry affects Oracle VM Server for SPARC, specifically the Ldom Manager subcomponent of the Oracle Sun Systems Products Suite, versioned around 3.1/3.2. The connected CNVD/NVD entries describe an unspecified remote vulnerability that allows a remote attacker to read data, compro...

4.3CVSS5.8AI score0.01685EPSS