Skip to main content

Vm Server CVE-2020-2571

LOW
2020-01-15 secalert_us@oracle.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 15, 2020 - 17:15 nvd
LOW 3.3

DescriptionNVD

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

AnalysisAI

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Affected products include: Oracle Vm Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-2776 HIGH POC
7.5 Sep 28

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly

CVE-2016-5696 MEDIUM POC
4.8 Aug 06

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, whic

CVE-2015-8000 MEDIUM
5.0 Dec 16

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of s

CVE-2015-8668 CRITICAL POC
9.8 Jan 08

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier

CVE-2016-4447 HIGH POC
7.5 Jun 09

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denia

CVE-2016-4448 CRITICAL
9.8 Jun 09

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specif

CVE-2014-1490 CRITICAL
9.3 Feb 06

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.

CVE-2016-6198 MEDIUM POC
5.5 Aug 06

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is re

CVE-2016-1950 HIGH
8.8 Mar 13

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.

CVE-2016-3960 HIGH
8.8 Apr 19

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host

CVE-2016-3710 HIGH
8.8 May 11

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS

CVE-2016-4480 HIGH
8.4 May 18

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Si

Share

CVE-2020-2571 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy