Vulnerabilities > Oracle > VM Server > 3.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-27 | CVE-2017-3242 | Improper Input Validation vulnerability in Oracle VM Server 3.2/3.4 Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). | 5.9 |
| 2016-09-28 | CVE-2016-2776 | Improper Input Validation vulnerability in multiple products buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 7.5 |
| 2016-05-18 | CVE-2016-4480 | Permissions, Privileges, and Access Controls vulnerability in multiple products The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | 8.4 |
| 2016-05-11 | CVE-2016-3710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | 8.8 |
| 2016-04-19 | CVE-2016-3960 | Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | 8.8 |
| 2016-03-22 | CVE-2016-3115 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | 6.4 |
| 2016-03-13 | CVE-2016-1950 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | 8.8 |
| 2015-12-06 | CVE-2015-3195 | Information Exposure vulnerability in multiple products The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | 5.3 |