Skip to main content

Virtualization

115 CVEs product

Monthly

CVE-2014-7815 MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +7
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2014-3615 LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +8
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6459 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-2476 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2475 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2474 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2473 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2472 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-4232 MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization Virtualization Secure Global Desktop
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-2463 MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2439 MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD VulDB
CVSS 2.0
6.4
EPSS
0.3%
CVE-2013-3834 MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4344 HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-3782 MEDIUM This Month

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-3779 HIGH This Week

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization Vm Virtualbox
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2012-6075 CRITICAL PATCH Act Now

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu Fedora Opensuse +9
NVD
CVSS 2.0
9.3
EPSS
7.5%
CVE-2013-0420 LOW POC PATCH Monitor

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. Rated low severity (CVSS 2.4). Public exploit code available.

Information Disclosure Oracle Opensuse Virtualization Vm Virtualbox
NVD
CVSS 2.0
2.4
EPSS
0.1%
CVE-2012-3515 HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen Opensuse Linux Enterprise Desktop +9
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-3221 LOW POC PATCH Monitor

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Virtualization
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.4%
CVE-2012-1685 MEDIUM PATCH This Month

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-0111 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization Vm Virtualbox
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-0105 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated low severity (CVSS 3.7). No vendor patch available.

Information Disclosure Oracle Microsoft Virtualization Vm Virtualbox
NVD
CVSS 2.0
3.7
EPSS
0.1%
EPSS 5% CVSS 5.0
MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux +9
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux +10
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization +1
NVD
EPSS 9% CVSS 5.0
MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls +13
NVD
EPSS 11% CVSS 7.5
HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 +13
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +14
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Virtualization
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization +1
NVD
EPSS 8% CVSS 9.3
CRITICAL PATCH Act Now

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu +11
NVD
EPSS 0% CVSS 2.4
LOW POC PATCH Monitor

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. Rated low severity (CVSS 2.4). Public exploit code available.

Information Disclosure Oracle Opensuse +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen +11
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Virtualization
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Virtualization
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Virtualization +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated low severity (CVSS 3.7). No vendor patch available.

Information Disclosure Oracle Microsoft +2
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy