Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-10036 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Published: August 08, 2017; 11:29:01 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-10004 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Published: August 08, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-3631 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Published: June 22, 2017; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2017-3630 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Published: June 22, 2017; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2017-3629 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Published: June 22, 2017; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-3623 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Published: April 24, 2017; 3:59:06 PM -0400 |
V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-8977 |
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. Published: February 01, 2017; 5:59:01 PM -0500 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-8963 |
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Published: February 01, 2017; 5:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-8967 |
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. Published: February 01, 2017; 4:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-8981 |
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. Published: February 01, 2017; 3:59:03 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-8980 |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. Published: February 01, 2017; 3:59:03 PM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 7.5 HIGH |
CVE-2016-8966 |
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. Published: February 01, 2017; 3:59:03 PM -0500 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-8961 |
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. Published: February 01, 2017; 3:59:03 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-9795 |
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. Published: January 27, 2017; 5:59:02 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-10086 |
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. Published: January 18, 2017; 5:59:00 PM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2016-2334 |
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. Published: December 13, 2016; 5:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-0618 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. Published: January 20, 2016; 10:02:40 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 1.4 LOW |
CVE-2016-0535 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. Published: January 20, 2016; 10:01:23 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2016-0493 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography. Published: January 20, 2016; 10:00:41 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2016-0458 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX. Published: January 20, 2016; 10:00:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |