Every CVE whose affected-product data names Oracle Vm Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2015-8668 — CVSS 9.8 (critical): Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote…
CVE-2014-1490 — CVSS 9.3 (critical): Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x…
CVE-2016-3710 — CVSS 8.8 (high): The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to…
CVE-2016-1950 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in…
CVE-2016-3960 — CVSS 8.8 (high): Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly…
CVE-2016-4480 — CVSS 8.4 (high): The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table…
CVE-2016-3991 — CVSS 7.8 (high): Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a…
CVE-2016-3945 — CVSS 7.8 (high): Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when…
CVE-2016-3990 — CVSS 7.8 (high): Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to…
CVE-2016-3632 — CVSS 7.8 (high): The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service…
CVE-2016-2776 — CVSS 7.5 (high): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct…
CVE-2016-4447 — CVSS 7.5 (high): The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service…
CVE-2016-2117 — CVSS 7.5 (high): The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather…
CVE-2016-7039 — CVSS 7.5 (high): The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or…
CVE-2016-3627 — CVSS 7.5 (high): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to…
CVE-2016-2270 — CVSS 6.8 (medium): Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings…
CVE-2016-4962 — CVSS 6.7 (medium): The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption…
CVE-2016-3115 — CVSS 6.4 (medium): Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended…
CVE-2017-3242 — CVSS 5.9 (medium): Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported…
CVE-2023-22024 — CVSS 5.5 (medium): In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that…
CVE-2016-3712 — CVSS 5.5 (medium): Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2016-5403 — CVSS 5.5 (medium): The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory…
CVE-2016-6197 — CVSS 5.5 (medium): fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry…
CVE-2016-6198 — CVSS 5.5 (medium): The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a…
CVE-2015-3195 — CVSS 5.3 (medium): The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and…
CVE-2013-0791 — CVSS 5.0 (medium): The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x…
CVE-2015-8000 — CVSS 5.0 (medium): db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE…
CVE-2016-5696 — CVSS 4.8 (medium): net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier…
CVE-2013-1620 — CVSS 4.3 (medium): The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant…
CVE-2015-2730 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2014-1491 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird…
CVE-2015-2721 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-0452 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote…
CVE-2016-3158 — CVSS 3.8 (low): The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64…
CVE-2016-3159 — CVSS 3.8 (low): The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64…
CVE-2020-2571 — CVSS 3.3 (low): Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is…