CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » Solaris : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2011-4093 190 Overflow +Priv 2014-02-10 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
452 CVE-2011-4091 287 +Info 2014-02-10 2018-10-30
5.0
None Remote Low Not required Partial None None
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
453 CVE-2011-3539 2011-10-18 2017-08-29
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
454 CVE-2011-3537 2011-10-18 2017-08-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
455 CVE-2011-3536 2011-10-18 2017-08-29
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).
456 CVE-2011-3534 2011-10-18 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).
457 CVE-2011-3201 200 +Info 2013-03-08 2017-08-29
4.3
None Remote Medium Not required Partial None None
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
458 CVE-2011-2313 2011-10-18 2016-11-22
4.3
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311.
459 CVE-2011-2312 2011-10-18 2011-12-24
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.
460 CVE-2011-2311 2011-10-18 2016-11-22
1.7
None Local Low ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313.
461 CVE-2011-2304 2011-10-18 2011-12-24
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl).
462 CVE-2011-2292 2011-10-18 2012-01-12
2.4
None Local High ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.
463 CVE-2011-2286 2011-10-18 2011-12-24
2.1
None Remote High ??? None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.
464 CVE-2011-2198 20 DoS 2014-05-21 2018-10-30
3.5
None Remote Medium ??? None None Partial
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
465 CVE-2011-0419 399 DoS 2011-05-16 2021-06-06
4.3
None Remote Medium Not required None None Partial
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
466 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
467 CVE-2010-3542 2010-10-14 2010-11-11
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB.
468 CVE-2010-3540 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS.
469 CVE-2010-3517 2010-10-14 2010-11-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86.
470 CVE-2010-3516 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand.
471 CVE-2010-3515 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.
472 CVE-2010-3513 2010-10-14 2010-11-11
2.4
None Local High ??? None Partial Partial
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.
473 CVE-2010-3509 2010-10-14 2010-11-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.
474 CVE-2010-3508 2010-10-14 2010-11-11
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
475 CVE-2010-3507 2010-10-14 2010-11-11
6.6
None Local Medium Not required Partial Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Live Upgrade.
476 CVE-2010-3503 2010-10-14 2010-11-11
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.
477 CVE-2010-2400 2010-07-13 2012-10-23
4.6
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
478 CVE-2010-2399 2010-07-13 2012-10-23
4.6
None Local Low ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/VM.
479 CVE-2010-2394 2010-07-13 2012-10-23
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to TCP/IP.
480 CVE-2010-2393 2010-07-13 2012-10-23
3.8
None Local High ??? None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.
481 CVE-2010-2392 2010-07-13 2012-10-23
5.6
None Local Low Not required None Partial Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS.
482 CVE-2010-2386 2010-07-13 2012-10-23
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver.
483 CVE-2010-2384 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
484 CVE-2010-2383 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
485 CVE-2010-2382 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
486 CVE-2010-2376 2010-07-13 2012-10-23
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
487 CVE-2009-3519 772 DoS 2009-10-01 2021-11-15
4.9
None Local Low Not required None None Complete
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.
488 CVE-2004-0230 DoS 2004-08-18 2018-10-19
5.0
None Remote Low Not required None None Partial
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Total number of vulnerabilities : 485   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.