Filtered by vendor Oracle
Subscriptions
Filtered by product Solaris
Subscriptions
Total
727 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-4492 | 5 Canonical, Mozilla, Opensuse and 2 more | 5 Ubuntu Linux, Firefox, Opensuse and 2 more | 2024-10-22 | N/A |
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. | ||||
CVE-2015-4487 | 5 Canonical, Mozilla, Opensuse and 2 more | 6 Ubuntu Linux, Firefox, Firefox Os and 3 more | 2024-10-22 | N/A |
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | ||||
CVE-2023-29259 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-10-21 | 3.7 Low |
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | ||||
CVE-2021-38933 | 3 Ibm, Linux, Oracle | 4 Aix, Sterling Connect\, Linux Kernel and 1 more | 2024-10-21 | 5.9 Medium |
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. | ||||
CVE-2023-28513 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I and 6 more | 2024-10-21 | 5.9 Medium |
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. | ||||
CVE-2014-1563 | 3 Mozilla, Opensuse, Oracle | 5 Firefox, Thunderbird, Evergreen and 2 more | 2024-10-21 | N/A |
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. | ||||
CVE-2014-1557 | 4 Debian, Mozilla, Oracle and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-10-21 | N/A |
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | ||||
CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2023-47746 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Db2 and 5 more | 2024-10-21 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | ||||
CVE-2016-0623 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. | ||||
CVE-2016-0669 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | ||||
CVE-2016-0676 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. | ||||
CVE-2016-0693 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. | ||||
CVE-2016-3419 | 1 Oracle | 1 Solaris | 2024-10-15 | 3.3 Low |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | ||||
CVE-2016-3441 | 1 Oracle | 1 Solaris | 2024-10-15 | 7.8 High |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. | ||||
CVE-2016-3462 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | ||||
CVE-2016-3465 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS. | ||||
CVE-2019-2804 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | ||||
CVE-2019-2820 | 1 Oracle | 1 Solaris | 2024-10-15 | N/A |
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). |