CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » Solaris : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0230 DoS 2004-08-18 2018-10-19
5.0
None Remote Low Not required None None Partial
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
2 CVE-2009-3519 772 DoS 2009-10-01 2021-11-15
4.9
None Local Low Not required None None Complete
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.
3 CVE-2010-2376 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
4 CVE-2010-2382 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
5 CVE-2010-2383 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
6 CVE-2010-2384 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
7 CVE-2010-2386 2010-07-13 2012-10-23
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver.
8 CVE-2010-2392 2010-07-13 2012-10-23
5.6
None Local Low Not required None Partial Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS.
9 CVE-2010-2393 2010-07-13 2012-10-23
3.8
None Local High ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.
10 CVE-2010-2394 2010-07-13 2012-10-23
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to TCP/IP.
11 CVE-2010-2399 2010-07-13 2012-10-23
4.6
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/VM.
12 CVE-2010-2400 2010-07-13 2012-10-23
4.6
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
13 CVE-2010-3503 2010-10-14 2010-11-11
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.
14 CVE-2010-3507 2010-10-14 2010-11-11
6.6
None Local Medium Not required Partial Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Live Upgrade.
15 CVE-2010-3508 2010-10-14 2010-11-11
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
16 CVE-2010-3509 2010-10-14 2010-11-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.
17 CVE-2010-3513 2010-10-14 2010-11-11
2.4
None Local High ??? None Partial Partial
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.
18 CVE-2010-3515 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.
19 CVE-2010-3516 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand.
20 CVE-2010-3517 2010-10-14 2010-11-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86.
21 CVE-2010-3540 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS.
22 CVE-2010-3542 2010-10-14 2010-11-11
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB.
23 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
24 CVE-2011-0419 399 DoS 2011-05-16 2021-06-06
4.3
None Remote Medium Not required None None Partial
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
25 CVE-2011-2198 20 DoS 2014-05-21 2018-10-30
3.5
None Remote Medium ??? None None Partial
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
26 CVE-2011-2286 2011-10-18 2011-12-24
2.1
None Remote High ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.
27 CVE-2011-2292 2011-10-18 2012-01-12
2.4
None Local High ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.
28 CVE-2011-2304 2011-10-18 2011-12-24
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl).
29 CVE-2011-2311 2011-10-18 2016-11-22
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313.
30 CVE-2011-2312 2011-10-18 2011-12-24
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.
31 CVE-2011-2313 2011-10-18 2016-11-22
4.3
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311.
32 CVE-2011-3201 200 +Info 2013-03-08 2017-08-29
4.3
None Remote Medium Not required Partial None None
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
33 CVE-2011-3534 2011-10-18 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).
34 CVE-2011-3536 2011-10-18 2017-08-29
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).
35 CVE-2011-3537 2011-10-18 2017-08-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
36 CVE-2011-3539 2011-10-18 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
37 CVE-2011-4091 287 +Info 2014-02-10 2018-10-30
5.0
None Remote Low Not required Partial None None
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
38 CVE-2011-4093 190 Overflow +Priv 2014-02-10 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
39 CVE-2013-1502 2013-04-17 2019-12-17
1.5
None Local Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
40 CVE-2013-1511 2013-04-17 2019-12-17
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
41 CVE-2013-2376 2013-04-17 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
42 CVE-2013-3793 2013-07-17 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
43 CVE-2013-3794 2013-07-17 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
44 CVE-2013-3805 2013-07-17 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
45 CVE-2013-3809 2013-07-17 2019-12-17
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
46 CVE-2013-3812 2013-07-17 2019-12-17
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
47 CVE-2013-4590 200 +Info 2014-02-26 2019-04-15
4.3
None Remote Medium Not required Partial None None
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
48 CVE-2013-5610 787 DoS Exec Code Mem. Corr. 2013-12-11 2020-08-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
49 CVE-2013-5611 2013-12-11 2018-10-30
5.8
None Remote Medium Not required None Partial Partial
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
50 CVE-2013-5612 79 XSS 2013-12-11 2020-08-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
Total number of vulnerabilities : 485   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.