Oracle Solaris vulnerabilities

CVE-2016-4957 [HIGH] CVE-2016-4957: ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

CVE-2016-4956 [MEDIUM] CVE-2016-4956: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mod ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

CVE-2016-4955 [MEDIUM] CWE-362 CVE-2016-4955: ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial o ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

CVE-2016-4971 [HIGH] CVE-2016-4971: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

CVE-2016-2177 [CRITICAL] CWE-190 CVE-2016-2177: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which mi OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVE-2016-2178 [MEDIUM] CWE-203 CVE-2016-2178: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ens The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

CVE-2016-5118 [CRITICAL] CVE-2016-5118: The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attack The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

CVE-2016-3627 [HIGH] CWE-674 CVE-2016-3627: The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

CVE-2016-3718 [MEDIUM] CWE-918 CVE-2016-3718: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote a The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CVE-2016-3715 [MEDIUM] CWE-552 CVE-2016-3715: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

CVE-2016-4082 [MEDIUM] CWE-119 CVE-2016-4082: epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2 epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

CVE-2016-4079 [MEDIUM] CWE-119 CVE-2016-4079: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x bef epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

CVE-2016-4085 [MEDIUM] CWE-20 CVE-2016-4085: Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

CVE-2016-0693 [CRITICAL] CVE-2016-0693: Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confid Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.

CVE-2016-3441 [HIGH] CVE-2016-3441: Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentia Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.

CVE-2016-0676 [MEDIUM] CVE-2016-0676: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vec Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.

CVE-2016-3465 [MEDIUM] CVE-2016-3465: Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availabilit Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.

CVE-2016-3462 [MEDIUM] CVE-2016-3462: Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.

CVE-2016-0623 [MEDIUM] CVE-2016-0623: Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.

CVE-2016-0669 [MEDIUM] CVE-2016-0669: Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and avai Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.