Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 310 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Published: August 02, 2016; 10:59:02 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-5471

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.

Published: July 21, 2016; 6:15:28 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5469

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.

Published: July 21, 2016; 6:15:26 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5454

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.

Published: July 21, 2016; 6:15:10 AM -0400
V3.0: 6.4 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2016-5452

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Published: July 21, 2016; 6:15:08 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-3584

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.

Published: July 21, 2016; 6:14:23 AM -0400
V3.0: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-3497

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.

Published: July 21, 2016; 6:12:49 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Published: July 18, 2016; 10:00:19 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.1 MEDIUM
CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Published: July 04, 2016; 9:59:04 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Published: July 04, 2016; 9:59:03 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Published: July 04, 2016; 9:59:02 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Published: July 04, 2016; 9:59:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Published: July 04, 2016; 9:59:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2178

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Published: June 19, 2016; 9:59:03 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Published: June 19, 2016; 9:59:02 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Published: June 10, 2016; 11:59:06 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-4085

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

Published: April 25, 2016; 6:59:10 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4082

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:07 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4079

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:04 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-3462

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.

Published: April 21, 2016; 7:00:40 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM