Skip to main content

Vm Server

37 CVEs product

Monthly

CVE-2023-22024 MEDIUM This Month

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vm Server Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-2571 LOW PATCH Monitor

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Vm Server
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2017-3242 MEDIUM PATCH This Month

Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Server
NVD VulDB
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-7039 HIGH PATCH This Week

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Vm Server Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2016-2776 HIGH POC THREAT Act Now

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.4%.

Denial Of Service Linux Vm Server Bind Hp Ux +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
88.4%
Threat
5.7
CVE-2016-3991 HIGH PATCH This Week

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Vm Server Libtiff
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-3990 HIGH PATCH This Week

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Libtiff Vm Server
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-3945 HIGH PATCH This Week

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service Libtiff +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-3632 HIGH PATCH This Week

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-6198 MEDIUM POC PATCH This Month

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Authentication Bypass Linux Kernel Vm Server
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6197 MEDIUM PATCH This Month

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Vm Server
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5696 MEDIUM POC PATCH THREAT This Month

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 52.0%.

Linux Information Disclosure Android Vm Server Linux Kernel
NVD GitHub
CVSS 3.0
4.8
EPSS
52.0%
Threat
4.0
CVE-2016-5403 MEDIUM PATCH This Month

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ubuntu Linux Linux Vm Server Qemu +9
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-4470 MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server Linux Kernel Suse Linux Enterprise Real Time Extension +10
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4448 CRITICAL Act Now

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icewall Federation Agent Watchos Mac Os X Libxml2 +15
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2016-4447 HIGH POC PATCH This Week

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Icewall Federation Agent Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-4962 MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2016-4480 HIGH This Week

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2016-3627 HIGH PATCH This Week

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Debian Linux Icewall Federation Agent Icewall File Manager +10
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-3712 MEDIUM PATCH This Month

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Vm Server Qemu +9
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-3710 HIGH PATCH This Week

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Debian Linux Helion Openstack Ubuntu Linux +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-2117 HIGH PATCH This Week

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Vm Server Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-3960 HIGH PATCH This Week

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Vm Server
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3159 LOW PATCH Monitor

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vm Server Xen Fedora Debian Linux
NVD
CVSS 3.0
3.8
EPSS
0.0%
CVE-2016-3158 LOW PATCH Monitor

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora Vm Server
NVD
CVSS 3.0
3.8
EPSS
0.0%
CVE-2016-1950 HIGH This Week

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Network Security Services Firefox +10
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2016-2270 MEDIUM PATCH This Month

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Fedora Xen Vm Server
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-8668 CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +5
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2015-8000 MEDIUM PATCH This Month

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.1%.

Denial Of Service Linux Solaris Vm Server Bind
NVD
CVSS 2.0
5.0
EPSS
67.1%
CVE-2015-3195 MEDIUM This Month

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Mac Os X Api Gateway Communications Webrtc Session Controller +21
NVD
CVSS 3.1
5.3
EPSS
3.5%
CVE-2015-2730 MEDIUM This Month

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Debian Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2721 MEDIUM POC This Month

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0452 MEDIUM This Month

Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vm Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1491 MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox Network Security Services Seamonkey +10
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1490 CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition Firefox Network Security Services +11
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2013-0791 MEDIUM PATCH This Month

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Mozilla Firefox Network Security Services +10
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-1620 MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services Ubuntu Linux Enterprise Manager Ops Center +12
NVD
CVSS 2.0
4.3
EPSS
0.9%
EPSS 0% CVSS 5.5
MEDIUM This Month

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vm Server Linux
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Vm Server
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Server
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Vm Server +1
NVD
EPSS 88% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.4%.

Denial Of Service Linux Vm Server +3
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Authentication Bypass +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 52% 4.0 CVSS 4.8
MEDIUM POC PATCH THREAT This Month

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 52.0%.

Linux Information Disclosure Android +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ubuntu Linux Linux +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server +12
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icewall Federation Agent Watchos +17
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Icewall Federation Agent +10
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vm Server Xen
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Debian Linux +12
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow +11
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Debian Linux +14
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Vm Server +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +2
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vm Server Xen +2
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +12
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Fedora +2
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +7
NVD
EPSS 67% CVSS 5.0
MEDIUM PATCH This Month

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.1%.

Denial Of Service Linux Solaris +2
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Mac Os X +23
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit +6
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit +7
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vm Server
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox +12
NVD
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition +13
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Mozilla +12
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy