VYPR

VM Server

by Oracle Corporation

CVEs (32)

  • CVE-2016-3712MedMay 11, 2016
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2016-5696MedAug 6, 2016
    risk 0.32cvss 4.8epss 0.15

    net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

  • CVE-2016-3159LowApr 13, 2016
    risk 0.25cvss 3.8epss 0.00

    The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending…

  • CVE-2016-3158LowApr 13, 2016
    risk 0.25cvss 3.8epss 0.00

    The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception…

  • CVE-2015-8000Dec 16, 2015
    risk 0.04cvss epss 0.55

    db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

  • CVE-2015-2730Jul 6, 2015
    risk 0.00cvss epss 0.04

    Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote…

  • CVE-2015-2721Jul 6, 2015
    risk 0.00cvss epss 0.03

    Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows…

  • CVE-2015-0452Apr 16, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.

  • CVE-2014-1491Feb 6, 2014
    risk 0.00cvss epss 0.05

    Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes…

  • CVE-2014-1490Feb 6, 2014
    risk 0.00cvss epss 0.04

    Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service…

  • CVE-2013-0791Apr 3, 2013
    risk 0.00cvss epss 0.05

    The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote…

  • CVE-2013-1620Feb 8, 2013
    risk 0.00cvss epss 0.04

    The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and…

Page 2 of 2