Vm Server@3.2 Security Vulnerabilities and Issues — Vm Server@3.2 CVE List

Lucene search

OracleVm Server3.2

16 matches found

CVE•added 2014/02/06 5:44 a.m.•12369 views

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS8.4AI score0.00607EPSS

CVE•added 2016/03/22 10:59 a.m.•1071 views

CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

6.4CVSS6.8AI score0.45137EPSS

CVE•added 2016/09/28 10:59 a.m.•454 views

CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

7.8CVSS6.4AI score0.90734EPSS

CVE•added 2015/12/16 3:59 p.m.•430 views

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

5CVSS6.7AI score0.54087EPSS

CVE•added 2016/03/13 6:59 p.m.•205 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.03012EPSS

CVE•added 2015/12/06 8:59 p.m.•175 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02068EPSS

CVE•added 2015/07/06 2:0 a.m.•159 views

CVE-2015-2721

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attack...

4.3CVSS4.1AI score0.00914EPSS

CVE•added 2013/02/08 7:55 p.m.•133 views

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.7AI score0.01291EPSS

CVE•added 2016/05/11 9:59 p.m.•133 views

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

8.8CVSS8.7AI score0.00086EPSS

CVE•added 2015/07/06 2:1 a.m.•132 views

CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof EC...

4.3CVSS4.3AI score0.0034EPSS

CVE•added 2013/04/03 11:56 a.m.•112 views

CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial...

5CVSS5.5AI score0.00584EPSS

CVE•added 2014/02/06 5:44 a.m.•101 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possi...

9.3CVSS8.8AI score0.00915EPSS

CVE•added 2016/04/19 2:59 p.m.•75 views

CVE-2016-3960

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

8.8CVSS8.5AI score0.00084EPSS

CVE•added 2016/05/18 2:59 p.m.•59 views

CVE-2016-4480

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

8.4CVSS8.2AI score0.0015EPSS

CVE•added 2017/01/27 10:59 p.m.•46 views

CVE-2017-3242

Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server ...

5.9CVSS5.8AI score0.00145EPSS

CVE•added 2015/04/16 4:59 p.m.•39 views

CVE-2015-0452

Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.

4.3CVSS5.8AI score0.00321EPSS