Oracle Solaris vulnerabilities

549 known vulnerabilities affecting oracle/solaris.

Total CVEs: 549
CISA KEV: 6 (actively exploited)
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103

Vulnerabilities

Page 9 of 28
CVE-2017-3498 | LOW | CVSS 3.3 | v11.3 | 2017-04-24 | nvd
CWE-200: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthori
CVE-2016-4483 | HIGH | CVSS 7.5 | v11.3 | 2017-04-11 | nvd
CWE-502: The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
CVE-2017-3276 | MEDIUM | CVSS 5.7 | v11.3 | 2017-01-27 | nvd
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerabi
CVE-2016-8330 | LOW | CVSS 3.7 | v11.3 | 2017-01-27 | nvd
CWE-284: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update,
CVE-2017-3301 | LOW | CVSS 3.3 | v11.3 | 2017-01-27 | nvd
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the
CVE-2016-5687 | CRITICAL | CVSS 9.8 | v11.3 | 2016-12-13 | nvd
CWE-125: The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2016-5841 | CRITICAL | CVSS 9.8 | v10.0, v11.3 | 2016-12-13 | nvd
CWE-190: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2016-5691 | CRITICAL | CVSS 9.8 | v11.3 | 2016-12-13 | nvd
CWE-20: The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVE-2016-5690 | CRITICAL | CVSS 9.8 | v11.3 | 2016-12-13 | nvd
CWE-476: The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVE-2016-5689 | CRITICAL | CVSS 9.8 | v11.3 | 2016-12-13 | nvd
CWE-476: The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVE-2016-5688 | HIGH | CVSS 8.1 | v11.3 | 2016-12-13 | nvd
CWE-119: The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) S
CVE-2016-5842 | HIGH | CVSS 7.5 | v10, v11.3 | 2016-12-13 | nvd
CWE-125: MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVE-2016-6491 | HIGH | CVSS 8.8 | v10.0, v11.3 | 2016-12-13 | nvd
CWE-125: Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
CVE-2015-8786 | MEDIUM | CVSS 6.5 | v11.3 | 2016-12-09 | nvd
CWE-399: The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
CVE-2016-5544 | HIGH | CVSS 7.8 | v10, v11.3 | 2016-10-25 | nvd
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
CVE-2016-5566 | MEDIUM | CVSS 5.3 | v11.3 | 2016-10-25 | nvd
CWE-284: Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2016-5553 | MEDIUM | CVSS 5.0 | v10, v11.3 | 2016-10-25 | nvd
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.
CVE-2016-5606 | MEDIUM | CVSS 6.1 | v11.3 | 2016-10-25 | nvd
CWE-284: Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.
CVE-2016-5487 | MEDIUM | CVSS 5.3 | v11.3 | 2016-10-25 | nvd
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2016-5559 | MEDIUM | CVSS 4.1 | v10, v11.3 | 2016-10-25 | nvd
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.