Oracle Vm Server vulnerabilities

CVE-2023-22024 [MEDIUM] CVE-2023-22024: In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2020-2571 [LOW] CVE-2020-2571: Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). Th Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human inte

CVE-2017-3242 [MEDIUM] CWE-20 CVE-2017-3242: Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subc Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for S

CVE-2016-7039 [HIGH] CWE-399 CVE-2016-7039: The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

CVE-2016-2776 [HIGH] CWE-20 CVE-2016-2776: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVE-2016-3945 [HIGH] CWE-190 CVE-2016-3945: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba to Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.

CVE-2016-3632 [HIGH] CWE-787 CVE-2016-3632: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.

CVE-2016-3990 [HIGH] CWE-119 CVE-2016-3990: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

CVE-2016-3991 [HIGH] CWE-119 CVE-2016-3991: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earli Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

CVE-2016-6198 [MEDIUM] CWE-284 CVE-2016-6198: The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

CVE-2016-5696 [MEDIUM] CWE-200 CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challeng net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

CVE-2016-6197 [MEDIUM] CWE-20 CVE-2016-6197: fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does no fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

CVE-2016-5403 [MEDIUM] CWE-400 CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cau The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVE-2016-4470 [MEDIUM] CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not e The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

CVE-2016-4448 [CRITICAL] CWE-134 CVE-2016-4448: Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CVE-2016-4447 [HIGH] CWE-119 CVE-2016-4447: The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

CVE-2016-4962 [MEDIUM] CWE-264 CVE-2016-4962: The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a d The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

CVE-2016-4480 [HIGH] CWE-264 CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properl The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

CVE-2016-3627 [HIGH] CWE-674 CVE-2016-3627: The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

CVE-2016-3710 [HIGH] CWE-119 CVE-2016-3710: The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which a The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.