Oracle Solaris vulnerabilities
549 known vulnerabilities affecting oracle/solaris.
Total CVEs: 549
CISA KEV: 6 (actively exploited)
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103
Vulnerabilities
CVE-2016-5576 [MEDIUM] CVSS 5.5 | CWE-284 | v11.3 | 2016-10-25
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.
nvd
CVE-2016-5561 [LOW] CVSS 3.1 | v11.3 | 2016-10-25
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.
nvd
CVE-2016-5615 [LOW] CVSS 3.3 | CWE-284 | v11.3 | 2016-10-25
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.
nvd
CVE-2016-5480 [LOW] CVSS 2.8 | v10 | 2016-10-25
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
nvd
CVE-2016-2776 [HIGH] CVSS 7.5 | PoC | CWE-20 | v10.0, v11.3 | 2016-09-28
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
nvd
CVE-2016-5844 [MEDIUM] CVSS 6.5 | CWE-190 | v11.3 | 2016-09-21
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
nvd
CVE-2016-6302 [HIGH] CVSS 7.5 | CWE-20 | v10, v11.3 | 2016-09-16
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
nvd
CVE-2016-5358 [MEDIUM] CVSS 5.9 | CWE-20 | v11.3 | 2016-08-07
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
nvd
CVE-2016-5357 [MEDIUM] CVSS 5.9 | CWE-20 | v11.3 | 2016-08-07
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
nvd
CVE-2016-6185 [HIGH] CVSS 7.8 | v10, v11.3 | 2016-08-02
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
nvd
CVE-2016-3584 [HIGH] CVSS 7.0 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.
nvd
CVE-2016-3453 [MEDIUM] CVSS 5.5 | v10 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
nvd
CVE-2016-5469 [MEDIUM] CVSS 5.5 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.
nvd
CVE-2016-5454 [MEDIUM] CVSS 6.4 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.
nvd
CVE-2016-5471 [MEDIUM] CVSS 5.5 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.
nvd
CVE-2016-3497 [MEDIUM] CVSS 5.5 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.
nvd
CVE-2016-5452 [MEDIUM] CVSS 5.5 | v11.3 | 2016-07-21
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.
nvd
CVE-2016-5387 [HIGH] CVSS 8.1 | v11.3 | 2016-07-19
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka
nvd
CVE-2016-4954 [HIGH] CVSS 7.5 | CWE-362 | v10, v11.3 | 2016-07-05
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
nvd
CVE-2016-4953 [HIGH] CVSS 7.5 | CWE-287 | v10, v11.3 | 2016-07-05
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
nvd