Oracle Solaris vulnerabilities

549 known vulnerabilities affecting oracle/solaris.

Total CVEs: 549
CISA KEV: 6 (actively exploited)
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103

Vulnerabilities

Page 17 of 28
CVE-2015-4651 | MEDIUM | CVSS 5.0 | CWE-399 | v11.3 | 2015-07-22
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
nvd
CVE-2015-0253 | MEDIUM | CVSS 5.0 | v11.3 | 2015-07-20
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400
nvd
CVE-2015-2631 | HIGH | CVSS 7.2 | v10, v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.
nvd
CVE-2015-2609 | MEDIUM | CVSS 4.9 | v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers.
nvd
CVE-2015-4770 | MEDIUM | CVSS 4.9 | v10, v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.
nvd
CVE-2015-4752 | MEDIUM | CVSS 4.0 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
nvd
CVE-2015-2582 | MEDIUM | CVSS 4.0 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
nvd
CVE-2015-2643 | MEDIUM | CVSS 4.0 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
nvd
CVE-2015-2648 | MEDIUM | CVSS 4.0 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
nvd
CVE-2015-2614 | MEDIUM | CVSS 4.9 | v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.
nvd
CVE-2015-2589 | MEDIUM | CVSS 4.9 | v10, v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.
nvd
CVE-2015-2620 | MEDIUM | CVSS 4.3 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
nvd
CVE-2015-2662 | LOW | CVSS 1.9 | v10, v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
nvd
CVE-2015-2651 | LOW | CVSS 3.8 | v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.
nvd
CVE-2015-4737 | LOW | CVSS 3.5 | v11.3 | 2015-07-16
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
nvd
CVE-2015-2580 | LOW | CVSS 1.9 | v10, v11.2 | 2015-07-16
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
nvd
CVE-2015-5143 | HIGH | CVSS 7.8 | CWE-399 | v11.3 | 2015-07-14
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
nvd
CVE-2015-5144 | MEDIUM | CVSS 4.3 | CWE-20 | v11.3 | 2015-07-14
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to
nvd
CVE-2015-2735 | CRITICAL | CVSS 9.3 | CWE-17 | v11.3 | 2015-07-06
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
nvd
CVE-2015-2734 | CRITICAL | CVSS 10.0 | CWE-17 | v11.3 | 2015-07-06
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
nvd