Vm Server

vm_server

Vendor: Oracle • 38 CVEs

CVEs (38)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3710 7Canonical CitrixDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 May 11, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the ban...Show more The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.Show less
CVE-2016-2117 3Canonical LinuxOracle 3Linux Kernel Ubuntu LinuxVm Server May 6, 2026 May 2, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memo...Show more The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.Show less
CVE-2016-3960 3Fedoraproject OracleXen 3Fedora Vm ServerXen May 6, 2026 Apr 19, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2016-3159 4Debian FedoraprojectOracle+1 more 4Debian Linux FedoraVm Server+1 more May 6, 2026 Apr 13, 2016 N/A· v4 3.8 LOW· v3 1.7 LOW· v2 The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content i...Show more The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.Show less
CVE-2016-3158 3Fedoraproject OracleXen 3Fedora Vm ServerXen May 6, 2026 Apr 13, 2016 N/A· v4 3.8 LOW· v3 1.7 LOW· v2 The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content info...Show more The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.Show less
CVE-2016-3115 2Openbsd Oracle 2Openssh Vm Server May 29, 2026 Mar 22, 2016 N/A· v4 6.4 MEDIUM· v3 5.5 MEDIUM· v2 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_a...Show more Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.Show less
CVE-2016-1950 4Apple MozillaOpensuse+1 more 12Firefox Glassfish ServerIphone Os+9 more May 6, 2026 Mar 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers...Show more Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.Show less
CVE-2016-2270 4Debian FedoraprojectOracle+1 more 4Debian Linux FedoraVm Server+1 more May 6, 2026 Feb 19, 2016 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
CVE-2015-8668 3Libtiff OracleRedhat 6Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+3 more May 6, 2026 Jan 8, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width fie...Show more Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.Show less
CVE-2015-8000 2Isc Oracle 4Bind LinuxSolaris+1 more May 6, 2026 Dec 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
CVE-2015-3195 9Apple CanonicalDebian+6 more 25Api Gateway Communications Webrtc Session ControllerDebian Linux+22 more May 6, 2026 Dec 6, 2015 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which...Show more The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.Show less
CVE-2015-2730 4Debian MozillaNovell+1 more 7Debian Linux Network Security ServicesSolaris+4 more May 6, 2026 Jul 6, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptograph...Show more Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.Show less
CVE-2015-2721 5Canonical DebianMozilla+2 more 8Debian Linux Network Security ServicesSolaris+5 more May 6, 2026 Jul 6, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine sta...Show more Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.Show less
CVE-2015-0452 1Oracle 1Vm Server May 6, 2026 Apr 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.
CVE-2014-1491 7Canonical DebianFedoraproject+4 more 13Debian Linux Enterprise Manager Ops CenterFedora+10 more Apr 29, 2026 Feb 6, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict...Show more Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.Show less
CVE-2014-1490 7Canonical DebianFedoraproject+4 more 13Debian Linux Enterprise Manager Ops CenterFedora+10 more Apr 29, 2026 Feb 6, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products,...Show more Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.Show less
CVE-2013-0791 4Canonical MozillaOracle+1 more 12Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+9 more Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMo...Show more The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.Show less
CVE-2013-1620 4Canonical MozillaOracle+1 more 15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 more Apr 29, 2026 Feb 8, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows...Show more The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.Show less

Previous 12