Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Source: MITRE
Max CVSS
3.8
EPSS Score
0.06%
Published
2017-05-03
Updated
2017-05-15
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Source: MITRE
Max CVSS
3.3
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-09-12
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Source: Red Hat, Inc.
Max CVSS
3.5
EPSS Score
0.05%
Published
2020-01-31
Updated
2023-09-12
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Source: Oracle
Max CVSS
3.5
EPSS Score
0.30%
Published
2015-04-16
Updated
2017-01-03
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.06%
Published
2011-01-07
Updated
2018-10-10
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.15%
Published
2008-03-18
Updated
2017-08-08
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.88%
Published
2010-04-05
Updated
2010-04-05
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!