Opensolaris Security Vulnerabilities
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b)...
6.3AI Score
0.0004EPSS
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure...
6.3AI Score
0.0004EPSS
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via...
6.8AI Score
0.001EPSS
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information....
6.6AI Score
0.002EPSS
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call.....
6.5AI Score
0.0004EPSS
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than...
6.4AI Score
0.0004EPSS
Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no...
6.4AI Score
0.0004EPSS
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima...
6.8AI Score
0.0004EPSS
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris.....
6.4AI Score
0.0004EPSS
Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary...
6.2AI Score
0.0004EPSS
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an.....
6.4AI Score
0.0004EPSS
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system...
6.4AI Score
0.0004EPSS
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS...
6.1AI Score
0.0005EPSS
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the...
6.8AI Score
0.001EPSS
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global...
6.5AI Score
0.004EPSS
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID...
9.8CVSS
9.6AI Score
0.047EPSS
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID...
8.1CVSS
7.8AI Score
0.001EPSS
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not....
7.5CVSS
7.5AI Score
0.012EPSS
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID...
6.1CVSS
5.7AI Score
0.001EPSS
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID...
7.5CVSS
7.3AI Score
0.006EPSS
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID...
7.5CVSS
7.2AI Score
0.003EPSS
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID...
7.5CVSS
7.2AI Score
0.002EPSS
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID...
5.9CVSS
5.7AI Score
0.006EPSS
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID...
7.5CVSS
7.4AI Score
0.006EPSS
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID...
9.8CVSS
9.3AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID...
6.1CVSS
6AI Score
0.001EPSS
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which....
5.3CVSS
4.9AI Score
0.001EPSS
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST...
8.8CVSS
8.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID...
6.1CVSS
5.9AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...
6.1CVSS
5.9AI Score
0.001EPSS
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID...
9.8CVSS
9.8AI Score
0.001EPSS
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot...
6.1AI Score
0.006EPSS
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to...
6.2AI Score
0.002EPSS
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device...
5.9AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to...
5.9AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to...
5.9AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to...
5.9AI Score
0.0004EPSS
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to...
5.3AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to...
5.6AI Score
0.001EPSS
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to...
5.7AI Score
0.001EPSS
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to...
5.7AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet...
5.7AI Score
0.001EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to...
5.9AI Score
0.001EPSS
Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to...
5.6AI Score
0.0004EPSS
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to...
5.9AI Score
0.001EPSS