Lucene search

K
OracleSolaris

546 matches found

CVE
CVE
added 2015/03/08 2:59 a.m.87 views

CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) inte...

5CVSS5.1AI score0.00295EPSS
CVE
CVE
added 2015/03/25 2:59 p.m.87 views

CVE-2015-2317

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x0...

4.3CVSS5.5AI score0.03149EPSS
CVE
CVE
added 2015/08/16 1:59 a.m.87 views

CVE-2015-4486

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

10CVSS7.4AI score0.02192EPSS
CVE
CVE
added 2022/12/26 6:15 a.m.87 views

CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle So...

5.5CVSS5.8AI score0.00014EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.86 views

CVE-1999-0046

Buffer overflow of rlogin program using TERM environmental variable.

10CVSS7.1AI score0.0353EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.86 views

CVE-2017-10036

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vul...

7.8CVSS6.8AI score0.05561EPSS
CVE
CVE
added 2017/06/22 1:29 p.m.86 views

CVE-2017-3631

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful...

5.3CVSS5AI score0.07826EPSS
CVE
CVE
added 2014/12/15 6:59 p.m.85 views

CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1...

7.5CVSS8.9AI score0.0454EPSS
CVE
CVE
added 2014/12/10 3:59 p.m.85 views

CVE-2014-8094

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers ...

6.5CVSS7.8AI score0.01042EPSS
CVE
CVE
added 2015/06/24 2:59 p.m.85 views

CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

5CVSS6.3AI score0.02325EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.85 views

CVE-2023-22023

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solar...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2014/12/16 11:59 p.m.84 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.84 views

CVE-2015-6248

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.00679EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.83 views

CVE-2020-2771

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Succes...

2.5CVSS2AI score0.00282EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.82 views

CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

10CVSS7.6AI score0.51022EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.82 views

CVE-2013-3805

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.

4CVSS5.1AI score0.00738EPSS
CVE
CVE
added 2015/01/10 2:59 a.m.82 views

CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL ...

5CVSS5.1AI score0.00619EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.82 views

CVE-2015-6244

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.00803EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.82 views

CVE-2022-21416

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful a...

5CVSS4.8AI score0.00159EPSS
CVE
CVE
added 2013/03/08 9:55 p.m.81 views

CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

4.3CVSS6.5AI score0.00808EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.80 views

CVE-2015-6245

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3CVSS5.1AI score0.00378EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.80 views

CVE-2015-6246

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3CVSS5.1AI score0.00661EPSS
CVE
CVE
added 2016/07/05 1:59 a.m.80 views

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

7.5CVSS6.2AI score0.57878EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.79 views

CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before ...

2.1CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.79 views

CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5CVSS7AI score0.04048EPSS
CVE
CVE
added 2017/06/22 1:29 p.m.79 views

CVE-2017-3629

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succ...

7.8CVSS7.1AI score0.25687EPSS
CVE
CVE
added 2015/03/08 2:59 a.m.78 views

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly ...

5CVSS5.1AI score0.00344EPSS
CVE
CVE
added 2016/08/07 4:59 p.m.78 views

CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

5.9CVSS6AI score0.00671EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.77 views

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.00881EPSS
CVE
CVE
added 2014/11/26 3:59 p.m.77 views

CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

6.4CVSS8.1AI score0.47313EPSS
CVE
CVE
added 2015/11/15 3:59 a.m.77 views

CVE-2015-7830

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interf...

4.3CVSS5.2AI score0.00574EPSS
CVE
CVE
added 2016/04/25 10:59 a.m.77 views

CVE-2016-4082

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

5.9CVSS5.4AI score0.00228EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.77 views

CVE-2022-21446

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vuln...

8.2CVSS7.1AI score0.01142EPSS
CVE
CVE
added 2015/08/20 8:59 p.m.76 views

CVE-2015-3219

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly han...

4.3CVSS5.2AI score0.00408EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.76 views

CVE-2020-2851

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise O...

7.8CVSS7.6AI score0.00135EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.76 views

CVE-2022-21461

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful at...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2015/03/25 2:59 p.m.75 views

CVE-2015-2316

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

5CVSS6.4AI score0.0227EPSS
CVE
CVE
added 2015/08/16 1:59 a.m.75 views

CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

9.3CVSS8.9AI score0.87777EPSS
CVE
CVE
added 2016/04/07 9:59 p.m.74 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

5.9CVSS4.6AI score0.93774EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.74 views

CVE-2015-6243

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_ge...

4.3CVSS5.2AI score0.00661EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.74 views

CVE-2020-2565

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracl...

7.5CVSS7.4AI score0.00115EPSS
CVE
CVE
added 2022/01/19 12:15 p.m.74 views

CVE-2022-21298

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful a...

3.9CVSS4.1AI score0.00087EPSS
CVE
CVE
added 2015/01/18 6:59 p.m.73 views

CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

8.8CVSS7.3AI score0.02533EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.73 views

CVE-2015-2726

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS5.8AI score0.01528EPSS
CVE
CVE
added 2015/05/18 3:59 p.m.73 views

CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificat...

2.6CVSS7.2AI score0.02109EPSS
CVE
CVE
added 2015/05/26 3:59 p.m.73 views

CVE-2015-3814

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause...

5CVSS5.1AI score0.00189EPSS
CVE
CVE
added 2017/06/22 1:29 p.m.73 views

CVE-2017-3630

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succ...

5.3CVSS5AI score0.07826EPSS
CVE
CVE
added 2015/08/24 11:59 p.m.72 views

CVE-2015-6242

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows re...

4.3CVSS6.3AI score0.00569EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.72 views

CVE-2017-3622

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to co...

7.8CVSS7.2AI score0.18891EPSS
Web
CVE
CVE
added 2015/01/21 6:59 p.m.71 views

CVE-2015-1196

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

4.3CVSS6AI score0.00853EPSS
Total number of security vulnerabilities546