U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 283 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2016-5553

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

Published: October 25, 2016; 10:30:20 AM -0400
V3.0: 5.0 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2016-5544

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

Published: October 25, 2016; 10:30:19 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-5487

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

Published: October 25, 2016; 10:29:21 AM -0400
V3.0: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Published: September 28, 2016; 6:59:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-5844

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

Published: September 21, 2016; 10:25:16 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6302

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Published: September 16, 2016; 1:59:12 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5358

epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 07, 2016; 12:59:13 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: August 07, 2016; 12:59:12 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Published: August 02, 2016; 10:59:02 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-5471

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.

Published: July 21, 2016; 6:15:28 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5469

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.

Published: July 21, 2016; 6:15:26 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5454

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.

Published: July 21, 2016; 6:15:10 AM -0400
V3.0: 6.4 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2016-5452

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Published: July 21, 2016; 6:15:08 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-3584

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.

Published: July 21, 2016; 6:14:23 AM -0400
V3.0: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-3497

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.

Published: July 21, 2016; 6:12:49 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Published: July 18, 2016; 10:00:19 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Published: July 04, 2016; 9:59:04 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Published: July 04, 2016; 9:59:03 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Published: July 04, 2016; 9:59:02 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Published: July 04, 2016; 9:59:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM