Filtered by vendor Oracle Subscriptions
Filtered by product Solaris Subscriptions
Total 727 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4492 5 Canonical, Mozilla, Opensuse and 2 more 5 Ubuntu Linux, Firefox, Opensuse and 2 more 2024-10-22 N/A
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
CVE-2015-4487 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2024-10-22 N/A
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
CVE-2023-29259 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2024-10-21 3.7 Low
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
CVE-2021-38933 3 Ibm, Linux, Oracle 4 Aix, Sterling Connect\, Linux Kernel and 1 more 2024-10-21 5.9 Medium
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
CVE-2023-28513 5 Hp, Ibm, Linux and 2 more 9 Hp-ux, Aix, I and 6 more 2024-10-21 5.9 Medium
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
CVE-2014-1563 3 Mozilla, Opensuse, Oracle 5 Firefox, Thunderbird, Evergreen and 2 more 2024-10-21 N/A
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
CVE-2014-1557 4 Debian, Mozilla, Oracle and 1 more 6 Debian Linux, Firefox, Firefox Esr and 3 more 2024-10-21 N/A
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
CVE-2024-45071 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-10-21 5.5 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45072 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-10-21 5.5 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2023-47746 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Db2 and 5 more 2024-10-21 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
CVE-2016-0623 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.
CVE-2016-0669 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.
CVE-2016-0676 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
CVE-2016-0693 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
CVE-2016-3419 1 Oracle 1 Solaris 2024-10-15 3.3 Low
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
CVE-2016-3441 1 Oracle 1 Solaris 2024-10-15 7.8 High
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.
CVE-2016-3462 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.
CVE-2016-3465 1 Oracle 1 Solaris 2024-10-15 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
CVE-2019-2804 1 Oracle 1 Solaris 2024-10-15 N/A
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
CVE-2019-2820 1 Oracle 1 Solaris 2024-10-15 N/A
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).