Oracle Solaris vulnerabilities

549 known vulnerabilities affecting oracle/solaris.

Total CVEs: 549
CISA KEV: 6 (actively exploited)
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103

Vulnerabilities

Page 12 of 28
CVE-2016-3419 | LOW | CVSS 3.3 | v10, v11.3 | 2016-04-21
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
nvd
CVE-2016-2381 | HIGH | CVSS 7.5 | CWE-20 | v11.3 | 2016-04-08
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
nvd
CVE-2015-2774 | MEDIUM | CVSS 5.9 | v11.2 | 2016-04-07
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
nvd
CVE-2015-8629 | MEDIUM | CVSS 5.3 | CWE-125 | v10, v11.3 | 2016-02-13
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
nvd
CVE-2015-7546 | HIGH | CVSS 7.5 | CWE-522 | v11.3 | 2016-02-03
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass i
nvd
CVE-2016-0440 | HIGH | CVSS 7.8 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.
nvd
CVE-2016-0403 | HIGH | CVSS 7.8 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities.
nvd
CVE-2016-0546 | HIGH | CVSS 7.2 | v11.3 | 2016-01-21
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commen
nvd
CVE-2016-0414 | HIGH | CVSS 7.2 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418.
nvd
CVE-2016-0596 | MEDIUM | CVSS 4.0 | v11.3 | 2016-01-21
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
nvd
CVE-2016-0419 | MEDIUM | CVSS 4.9 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431.
nvd
CVE-2016-0505 | MEDIUM | CVSS 6.8 | v11.3 | 2016-01-21
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
nvd
CVE-2016-0597 | MEDIUM | CVSS 4.0 | v11.3 | 2016-01-21
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
nvd
CVE-2016-0616 | MEDIUM | CVSS 4.0 | v11.3 | 2016-01-21
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
nvd
CVE-2016-0458 | MEDIUM | CVSS 4.0 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX.
nvd
CVE-2016-0416 | MEDIUM | CVSS 5.0 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility.
nvd
CVE-2016-0428 | MEDIUM | CVSS 4.9 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot.
nvd
CVE-2016-0418 | MEDIUM | CVSS 6.1 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
nvd
CVE-2016-0535 | MEDIUM | CVSS 4.3 | v10, v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC.
nvd
CVE-2016-0618 | LOW | CVSS 1.4 | v11 | 2016-01-21
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.
nvd