Skip to main content
CVE-2016-4962 MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2014-8177 MEDIUM This Month

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Gluster Storage Management Console Gluster Storage Server Storage Native Client
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-3093 MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Ognl Struts
NVD
CVSS 3.0
5.3
EPSS
5.1%
CVE-2013-7440 MEDIUM This Month

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-5242 MEDIUM This Month

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS. Rated medium severity (CVSS 5.6). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2015-5231 MEDIUM This Month

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkpoint Restore In Userspace Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4963 MEDIUM This Month

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
4.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy