CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » Solaris : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2016-3584 2016-07-21 2017-09-01
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.
152 CVE-2016-3497 2016-07-21 2017-09-01
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.
153 CVE-2016-3465 2016-04-21 2016-12-30
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
154 CVE-2016-3462 2016-04-21 2016-12-03
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.
155 CVE-2016-3453 2016-07-21 2017-09-01
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
156 CVE-2016-3441 2016-04-21 2016-12-03
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.
157 CVE-2016-3419 2016-04-21 2016-12-03
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
158 CVE-2016-2776 20 DoS 2016-09-28 2019-12-27
7.8
None Remote Low Not required None None Complete
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
159 CVE-2016-2381 20 Bypass 2016-04-08 2020-09-10
5.0
None Remote Low Not required None Partial None
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
160 CVE-2016-2334 119 Exec Code Overflow 2016-12-13 2017-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
161 CVE-2016-2178 200 +Info 2016-06-20 2021-11-17
2.1
None Local Low Not required Partial None None
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
162 CVE-2016-2177 190 DoS Overflow 2016-06-20 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
163 CVE-2016-0778 119 DoS Overflow 2016-01-14 2019-12-27
4.6
None Remote High ??? Partial Partial Partial
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
164 CVE-2016-0777 200 +Info 2016-01-14 2019-12-27
4.0
None Remote Low ??? Partial None None
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
165 CVE-2016-0693 2016-04-21 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
166 CVE-2016-0676 2016-04-21 2016-12-03
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
167 CVE-2016-0669 2016-04-21 2016-12-03
5.2
None Local Low ??? None Partial Complete
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.
168 CVE-2016-0623 2016-04-21 2016-12-03
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.
169 CVE-2016-0618 2016-01-21 2016-12-22
1.4
None Local Low ??? Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.
170 CVE-2016-0616 2016-01-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
171 CVE-2016-0609 2016-01-21 2019-12-27
1.7
None Remote High ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
172 CVE-2016-0608 2016-01-21 2019-12-27
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
173 CVE-2016-0606 2016-01-21 2019-12-27
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
174 CVE-2016-0600 2016-01-21 2019-12-27
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
175 CVE-2016-0598 2016-01-21 2019-12-27
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
176 CVE-2016-0597 2016-01-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
177 CVE-2016-0596 2016-01-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
178 CVE-2016-0546 Overflow 2016-01-21 2019-12-27
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
179 CVE-2016-0535 2016-01-21 2016-12-07
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC.
180 CVE-2016-0505 2016-01-21 2019-12-27
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
181 CVE-2016-0493 2016-01-21 2016-12-07
3.3
None Local Medium Not required None Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography.
182 CVE-2016-0458 2016-01-21 2016-12-07
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX.
183 CVE-2016-0440 2016-01-21 2016-12-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.
184 CVE-2016-0431 2016-01-21 2016-12-07
1.2
None Local High Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419.
185 CVE-2016-0428 2016-01-21 2016-12-07
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot.
186 CVE-2016-0426 2016-01-21 2016-12-07
3.6
None Local Low Not required Partial None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.
187 CVE-2016-0419 2016-01-21 2016-12-07
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431.
188 CVE-2016-0418 2016-01-21 2016-12-07
6.1
None Local Low Not required Partial Partial Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
189 CVE-2016-0416 2016-01-21 2016-12-07
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility.
190 CVE-2016-0414 2016-01-21 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418.
191 CVE-2016-0406 2016-01-21 2016-12-07
3.3
None Local Medium Not required None Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc.
192 CVE-2016-0403 2016-01-21 2016-12-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities.
193 CVE-2015-8786 399 DoS 2016-12-09 2018-01-05
6.8
None Remote Low ??? None None Complete
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
194 CVE-2015-8629 125 DoS +Info 2016-02-13 2021-02-02
2.1
None Remote High ??? Partial None None
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
195 CVE-2015-8126 120 DoS Overflow 2015-11-13 2020-08-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
196 CVE-2015-8104 399 DoS 2015-11-16 2019-02-13
4.7
None Local Medium Not required None None Complete
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
197 CVE-2015-8000 20 DoS 2015-12-16 2019-12-27
5.0
None Remote Low Not required None None Partial
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
198 CVE-2015-7830 20 DoS 2015-11-15 2017-09-15
4.3
None Remote Medium Not required None None Partial
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
199 CVE-2015-7546 522 Bypass 2016-02-03 2020-06-02
6.0
None Remote Medium ??? Partial Partial Partial
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
200 CVE-2015-7236 DoS 2015-10-01 2021-07-07
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
Total number of vulnerabilities : 485   Page : 1 2 3 4 (This Page)5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.