Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solaris
(Oracle)| Repositories |
• https://github.com/ImageMagick/ImageMagick
• https://github.com/krb5/krb5 • https://github.com/torvalds/linux • https://github.com/newsoft/libvncserver • https://github.com/wireshark/wireshark |
| #Vulnerabilities | 540 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-02-06 | CVE-2014-1485 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1488 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2016-05-17 | CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Solaris, Vm_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Jboss_core_services, Libxml2 | 7.5 | ||
| 2003-03-07 | CVE-2002-1337 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | Linux, Alphaserver_sc, Hp\-Ux, Netbsd, Solaris, Sendmail, Sunos, Bsdos, Platform_sa | N/A | ||
| 1997-02-06 | CVE-1999-0046 | Buffer overflow of rlogin program using TERM environmental variable. | Bsd_os, Debian_linux, Ultrix, Freebsd, Hp\-Ux, Aix, Netbsd, Nextstep, Solaris, Sunos | N/A | ||
| 2001-06-18 | CVE-2001-0249 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | Hp\-Ux, Solaris, Irix | 9.8 | ||
| 2009-07-01 | CVE-2009-2282 | The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. | Opensolaris, Solaris | N/A | ||
| 2024-01-16 | CVE-2024-20920 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a... | Solaris | 3.8 | ||
| 2024-01-16 | CVE-2024-20946 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). ... | Solaris | 5.5 | ||
| 2014-07-19 | CVE-2014-3532 | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. | Debian_linux, Dbus, Mageia, Opensuse, Solaris | N/A |