Solaris Security Vulnerabilities and Issues — Solaris CVE List

Lucene search

OracleSolaris

169 matches found

CVE•added 2015/08/08 12:59 a.m.•934 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wi...

8.8CVSS6.6AI score0.69924EPSS

In wild

CVE•added 2015/12/16 3:59 p.m.•438 views

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

5CVSS6.7AI score0.54087EPSS

CVE•added 2015/05/14 10:59 a.m.•407 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

7.5CVSS8.6AI score0.05699EPSS

CVE•added 2015/06/09 2:59 p.m.•371 views

CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

7.5CVSS7.5AI score0.12244EPSS

CVE•added 2015/07/23 12:59 a.m.•307 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.05699EPSS

CVE•added 2015/06/09 6:59 p.m.•255 views

CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

7.5CVSS8AI score0.26339EPSS

CVE•added 2015/06/09 6:59 p.m.•236 views

CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth ou...

5CVSS7.3AI score0.73843EPSS

CVE•added 2015/11/16 11:59 a.m.•233 views

CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

10CVSS5.3AI score0.00346EPSS

CVE•added 2015/08/16 1:59 a.m.•231 views

CVE-2015-4491

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of ser...

6.8CVSS7.9AI score0.05713EPSS

CVE•added 2015/06/09 6:59 p.m.•209 views

CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP...

6.8CVSS8.1AI score0.24174EPSS

CVE•added 2015/08/14 6:59 p.m.•203 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

5CVSS6.5AI score0.02464EPSS

CVE•added 2015/05/08 2:59 p.m.•201 views

CVE-2015-3294

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

6.4CVSS8.8AI score0.00184EPSS

CVE•added 2015/11/13 3:59 a.m.•201 views

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly ha...

7.5CVSS7.9AI score0.04186EPSS

CVE•added 2015/07/06 2:0 a.m.•192 views

CVE-2015-2721

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attack...

4.3CVSS4.1AI score0.00516EPSS

CVE•added 2015/12/06 8:59 p.m.•190 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02221EPSS

CVE•added 2015/03/30 10:59 a.m.•186 views

CVE-2015-1351

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.7AI score0.11993EPSS

CVE•added 2015/10/21 9:59 p.m.•171 views

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

7.2CVSS5.1AI score0.00083EPSS

CVE•added 2015/07/06 2:1 a.m.•165 views

CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof EC...

4.3CVSS4.3AI score0.0034EPSS

CVE•added 2015/01/21 7:59 p.m.•160 views

CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

7.5CVSS6.5AI score0.13673EPSS

CVE•added 2015/10/01 8:59 p.m.•153 views

CVE-2015-7236

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

7.5CVSS7.1AI score0.08207EPSS

CVE•added 2015/10/21 11:59 p.m.•149 views

CVE-2015-4870

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

4CVSS5.1AI score0.19279EPSS

Web

CVE•added 2015/05/27 10:59 a.m.•146 views

CVE-2015-2922

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5AI score0.01716EPSS

CVE•added 2015/10/21 9:59 p.m.•146 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

1.7CVSS5.2AI score0.01015EPSS

CVE•added 2015/07/14 5:59 p.m.•142 views

CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

7.8CVSS6.3AI score0.15813EPSS

CVE•added 2015/04/16 5:0 p.m.•141 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00501EPSS

CVE•added 2015/10/22 12:0 a.m.•141 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

3.5CVSS5.2AI score0.00508EPSS

CVE•added 2015/04/16 5:0 p.m.•139 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0441EPSS

CVE•added 2015/07/16 10:59 a.m.•137 views

CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

4CVSS4.6AI score0.00524EPSS

CVE•added 2015/07/06 2:1 a.m.•137 views

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS

CVE•added 2015/07/06 2:0 a.m.•136 views

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

10CVSS6.2AI score0.01739EPSS

CVE•added 2015/04/16 4:59 p.m.•134 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00573EPSS

CVE•added 2015/07/06 2:1 a.m.•131 views

CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS

CVE•added 2015/07/06 2:0 a.m.•126 views

CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

10CVSS5.1AI score0.02288EPSS

CVE•added 2015/08/16 1:59 a.m.•125 views

CVE-2015-4487

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

7.5CVSS7.3AI score0.0317EPSS

CVE•added 2015/10/21 9:59 p.m.•125 views

CVE-2015-4802

4CVSS5.2AI score0.01015EPSS

CVE•added 2015/10/21 11:59 p.m.•125 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

4CVSS5.2AI score0.00508EPSS

CVE•added 2015/10/21 11:59 p.m.•125 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00476EPSS

CVE•added 2015/08/16 1:59 a.m.•123 views

CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

7.5CVSS7.2AI score0.02997EPSS

CVE•added 2015/10/21 9:59 p.m.•123 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

4CVSS5.1AI score0.00508EPSS

CVE•added 2015/10/21 9:59 p.m.•123 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

4CVSS4.9AI score0.00369EPSS

CVE•added 2015/04/16 5:0 p.m.•122 views

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.8AI score0.00501EPSS

CVE•added 2015/10/21 9:59 p.m.•122 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00362EPSS

CVE•added 2015/10/21 11:59 p.m.•122 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.0095EPSS

CVE•added 2015/07/16 10:59 a.m.•121 views

CVE-2015-2620

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

4.3CVSS4.4AI score0.00576EPSS

CVE•added 2015/07/06 2:1 a.m.•121 views

CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal ...

10CVSS5.1AI score0.03053EPSS

CVE•added 2015/08/16 1:59 a.m.•121 views

CVE-2015-4482

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

4.6CVSS8.2AI score0.00083EPSS

CVE•added 2015/02/12 4:59 p.m.•120 views

CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

6.4CVSS8.4AI score0.08882EPSS

CVE•added 2015/04/16 4:59 p.m.•120 views

CVE-2015-0499

3.5CVSS4.8AI score0.00725EPSS

CVE•added 2015/07/16 11:0 a.m.•120 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00439EPSS

CVE•added 2015/07/06 2:0 a.m.•120 views

CVE-2015-2728

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (me...

7.5CVSS5.6AI score0.03275EPSS

Total number of security vulnerabilities169