Export limit exceeded: 362495 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (469 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5611 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
CVE-2016-5610 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2015-3195 9 Apple, Canonical, Debian and 6 more 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more 2025-04-12 5.3 Medium
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVE-2016-5608 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
CVE-2016-5605 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.
CVE-2015-2730 5 Debian, Mozilla, Novell and 2 more 10 Debian Linux, Firefox, Firefox Esr and 7 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
CVE-2016-5538 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.
CVE-2015-2721 6 Canonical, Debian, Mozilla and 3 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
CVE-2016-5501 1 Oracle 1 Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
CVE-2016-4962 2 Oracle, Xen 2 Vm Server, Xen 2025-04-12 N/A
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2015-2594 2 Debian, Oracle 2 Debian Linux, Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
CVE-2016-4480 2 Oracle, Xen 2 Vm Server, Xen 2025-04-12 N/A
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
CVE-2016-4470 4 Linux, Novell, Oracle and 1 more 17 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 14 more 2025-04-12 N/A
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2015-0452 1 Oracle 1 Vm Server 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 22 Icloud, Iphone Os, Itunes and 19 more 2025-04-12 9.8 Critical
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447 9 Apple, Canonical, Debian and 6 more 14 Iphone Os, Itunes, Mac Os X and 11 more 2025-04-12 N/A
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2015-0427 2 Opensuse, Oracle 2 Opensuse, Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
CVE-2016-3991 3 Libtiff, Oracle, Redhat 3 Libtiff, Vm Server, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
CVE-2016-3990 3 Libtiff, Oracle, Redhat 3 Libtiff, Vm Server, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
CVE-2016-3945 3 Libtiff, Oracle, Redhat 3 Libtiff, Vm Server, Enterprise Linux 2025-04-12 N/A
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.