The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML...
CVSS: 7.5, AI Score: 6.8, EPSS: 0.007
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted...
CVSS: 5.9, AI Score: 5.4, EPSS: 0.003
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted...
CVSS: 5.9, AI Score: 5.3, EPSS: 0.003
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a...
CVSS: 5.9, AI Score: 6.4, EPSS: 0.002
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to...
CVSS: 3.3, AI Score: 7.5, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to...
CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration...
CVSS: 5.5, AI Score: 7.5, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to...
CVSS: 5.5, AI Score: 7.5, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to...
CVSS: 6, AI Score: 7.5, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer...
CVSS: 4.7, AI Score: 8.2, EPSS: 0.001
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the...
CVSS: 4.7, AI Score: 7.6, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP...
CVSS: 9.8, AI Score: 8.3, EPSS: 0.008
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...
CVSS: 7.5, AI Score: 7.3, EPSS: 0.004
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka...
CVSS: 5.9, AI Score: 4.5, EPSS: 0.001
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service...
CVSS: 5.3, AI Score: 5.8, EPSS: 0.007
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token...
CVSS: 7.5, AI Score: 7.3, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to...
AI Score: 5.4, EPSS: 0.001
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to...
AI Score: 5.3, EPSS: 0.004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to...
AI Score: 6.2, EPSS: 0.0004
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to...
AI Score: 5.3, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the...
AI Score: 6, EPSS: 0.0005
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to...
AI Score: 6.6, EPSS: 0.002
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel...
AI Score: 6.3, EPSS: 0.0004
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to...
AI Score: 5.4, EPSS: 0.002
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive...
AI Score: 6.5, EPSS: 0.002
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel...
AI Score: 6.2, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup...
AI Score: 6.4, EPSS: 0.0004
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to...
AI Score: 6.6, EPSS: 0.001
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB...
AI Score: 6.6, EPSS: 0.002
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as...
CVSS: 5.4, AI Score: 5.2, EPSS: 0.003
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private...
CVSS: 6.5, AI Score: 6.2, EPSS: 0.002
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service...
CVSS: 8.1, AI Score: 7.1, EPSS: 0.003
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a...
CVSS: 9.8, AI Score: 9.6, EPSS: 0.016
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class...
AI Score: 7.7, EPSS: 0.955
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory...
CVSS: 5.3, AI Score: 6.3, EPSS: 0.016
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to...
AI Score: 5.1, EPSS: 0.001
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers...
AI Score: 5.2, EPSS: 0.004