Filtered by vendor Oracle
Subscriptions
Filtered by product Solaris
Subscriptions
Total
725 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-4483 | 4 Debian, Oracle, Redhat and 1 more | 4 Debian Linux, Solaris, Jboss Core Services and 1 more | 2024-08-06 | 7.5 High |
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. | ||||
CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | ||||
CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | ||||
CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | ||||
CVE-2016-3718 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-08-06 | 5.5 Medium |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | ||||
CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2024-08-06 | 5.5 Medium |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 15 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 12 more | 2024-08-06 | 7.5 High |
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | ||||
CVE-2016-3584 | 1 Oracle | 1 Solaris | 2024-08-06 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc. | ||||
CVE-2016-3465 | 1 Oracle | 1 Solaris | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS. | ||||
CVE-2016-3462 | 1 Oracle | 1 Solaris | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | ||||
CVE-2016-3453 | 1 Oracle | 1 Solaris | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel. | ||||
CVE-2016-3497 | 1 Oracle | 1 Solaris | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471. | ||||
CVE-2016-3441 | 1 Oracle | 1 Solaris | 2024-08-05 | 7.8 High |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. | ||||
CVE-2016-3419 | 1 Oracle | 1 Solaris | 2024-08-05 | 3.3 Low |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | ||||
CVE-2016-2776 | 4 Hp, Isc, Oracle and 1 more | 10 Hp-ux, Bind, Linux and 7 more | 2024-08-05 | N/A |
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | ||||
CVE-2016-2381 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2024-08-05 | 7.5 High |
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | ||||
CVE-2016-2334 | 3 7-zip, Fedoraproject, Oracle | 3 7-zip, Fedora, Solaris | 2024-08-05 | N/A |
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | ||||
CVE-2016-2177 | 4 Hp, Openssl, Oracle and 1 more | 9 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 6 more | 2024-08-05 | N/A |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | ||||
CVE-2016-2178 | 7 Canonical, Debian, Nodejs and 4 more | 10 Ubuntu Linux, Debian Linux, Node.js and 7 more | 2024-08-05 | 5.5 Medium |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | ||||
CVE-2016-1283 | 5 Fedoraproject, Oracle, Pcre and 2 more | 5 Fedora, Solaris, Pcre and 2 more | 2024-08-05 | 9.8 Critical |
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |