Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-3622 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the "Extremeparr". CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Published: April 24, 2017; 3:59:06 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-5842 |
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. Published: December 13, 2016; 10:59:07 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5559 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel. Published: October 25, 2016; 10:30:26 AM -0400 |
V3.0: 4.1 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-5553 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors. Published: October 25, 2016; 10:30:20 AM -0400 |
V3.0: 5.0 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2016-5544 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Published: October 25, 2016; 10:30:19 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-5480 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. Published: October 25, 2016; 10:29:17 AM -0400 |
V3.0: 2.8 LOW V2.0: 1.9 LOW |
CVE-2016-6302 |
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. Published: September 16, 2016; 1:59:12 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6185 |
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. Published: August 02, 2016; 10:59:02 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2016-3453 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel. Published: July 21, 2016; 6:12:17 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-4957 |
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. Published: July 04, 2016; 9:59:04 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-4956 |
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. Published: July 04, 2016; 9:59:03 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-4955 |
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. Published: July 04, 2016; 9:59:02 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4954 |
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. Published: July 04, 2016; 9:59:01 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-4953 |
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. Published: July 04, 2016; 9:59:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-4971 |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Published: June 30, 2016; 1:59:07 PM -0400 |
V3.1: 8.8 HIGH V2.0: 4.3 MEDIUM |
CVE-2016-2178 |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. Published: June 19, 2016; 9:59:03 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-2177 |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Published: June 19, 2016; 9:59:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5118 |
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Published: June 10, 2016; 11:59:06 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-3441 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. Published: April 21, 2016; 7:00:30 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-3419 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. Published: April 21, 2016; 7:00:14 AM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |