U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 283 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2017-3474

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Published: April 24, 2017; 3:59:01 PM -0400
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Published: April 11, 2017; 12:59:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-3301

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts).

Published: January 27, 2017; 5:59:04 PM -0500
V3.0: 3.3 LOW
V2.0: 1.9 LOW
CVE-2017-3276

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts).

Published: January 27, 2017; 5:59:03 PM -0500
V3.0: 5.7 MEDIUM
V2.0: 3.0 LOW
CVE-2016-8330

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts).

Published: January 27, 2017; 5:59:01 PM -0500
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2016-6491

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

Published: December 13, 2016; 10:59:09 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-5842

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

Published: December 13, 2016; 10:59:07 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5841

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.

Published: December 13, 2016; 10:59:06 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5691

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

Published: December 13, 2016; 10:59:04 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5690

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

Published: December 13, 2016; 10:59:03 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5689

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

Published: December 13, 2016; 10:59:02 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Published: December 13, 2016; 10:59:01 AM -0500
V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-5687

The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

Published: December 13, 2016; 10:59:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-8786

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

Published: December 09, 2016; 3:59:00 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2016-5615

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.

Published: October 25, 2016; 10:31:29 AM -0400
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-5606

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

Published: October 25, 2016; 10:31:19 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.6 MEDIUM
CVE-2016-5576

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.

Published: October 25, 2016; 10:30:45 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-5566

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.

Published: October 25, 2016; 10:30:33 AM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-5561

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.

Published: October 25, 2016; 10:30:28 AM -0400
V3.0: 3.1 LOW
V2.0: 2.6 LOW
CVE-2016-5559

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.

Published: October 25, 2016; 10:30:26 AM -0400
V3.0: 4.1 MEDIUM
V2.0: 4.0 MEDIUM