Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4447 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Itunes, Mac Os X and 9 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | |||||
| CVE-2015-2730 | 4 Debian, Mozilla, Novell and 1 more | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. | |||||
| CVE-2016-6198 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. | |||||
| CVE-2015-0452 | 1 Oracle | 1 Vm Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager. | |||||
| CVE-2016-3115 | 2 Openbsd, Oracle | 2 Openssh, Vm Server | 2025-04-12 | 5.5 MEDIUM | 6.4 MEDIUM |
| Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | |||||
| CVE-2015-8668 | 3 Libtiff, Oracle, Redhat | 6 Libtiff, Linux, Vm Server and 3 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. | |||||
| CVE-2016-2117 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Vm Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | |||||
| CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
| CVE-2015-8000 | 2 Isc, Oracle | 4 Bind, Linux, Solaris and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. | |||||
| CVE-2016-7039 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. | |||||
| CVE-2016-3632 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. | |||||
| CVE-2016-4470 | 4 Linux, Novell, Oracle and 1 more | 14 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 11 more | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | |||||
| CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
| The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 11 Ubuntu Linux, Xenserver, Debian Linux and 8 more | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |||||
| CVE-2013-0791 | 4 Canonical, Mozilla, Oracle and 1 more | 12 Ubuntu Linux, Firefox, Network Security Services and 9 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | |||||
| CVE-2013-1620 | 4 Canonical, Mozilla, Oracle and 1 more | 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | |||||
| CVE-2023-22024 | 1 Oracle | 2 Linux, Vm Server | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-2571 | 1 Oracle | 1 Vm Server | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||