Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Solaris
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-2718 1 Oracle 1 Solaris 2018-04-25 7.8 HIGH 7.5 HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2016-0215 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2018-02-05 4.0 MEDIUM 6.5 MEDIUM
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.
CVE-2018-2710 1 Oracle 1 Solaris 2018-01-26 7.8 HIGH 7.5 HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2015-8786 2 Oracle, Pivotal Software 2 Solaris, Rabbitmq 2018-01-04 6.8 MEDIUM 6.5 MEDIUM
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
CVE-2015-2721 5 Canonical, Debian, Mozilla and 2 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2018-01-04 4.3 MEDIUM N/A
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
CVE-2013-6629 3 Artifex, Google, Oracle 3 Gpl Ghostscript, Chrome, Solaris 2018-01-04 5.0 MEDIUM N/A
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVE-2015-4020 2 Oracle, Rubygems 2 Solaris, Rubygems 2017-12-08 4.3 MEDIUM N/A
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.
CVE-2016-2334 3 7-zip, Fedoraproject, Oracle 3 7-zip, Fedora, Solaris 2017-12-02 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
CVE-2015-5963 3 Canonical, Djangoproject, Oracle 3 Ubuntu Linux, Django, Solaris 2017-10-02 5.0 MEDIUM N/A
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
CVE-2015-5144 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2017-09-21 4.3 MEDIUM N/A
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
CVE-2015-2580 1 Oracle 1 Solaris 2017-09-21 1.9 LOW N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
CVE-2015-2589 1 Oracle 1 Solaris 2017-09-21 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.
CVE-2015-5143 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2017-09-21 7.8 HIGH N/A
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
CVE-2015-2609 1 Oracle 1 Solaris 2017-09-21 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers.
CVE-2015-4770 1 Oracle 1 Solaris 2017-09-21 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.
CVE-2015-2614 1 Oracle 1 Solaris 2017-09-21 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.
CVE-2015-2631 1 Oracle 1 Solaris 2017-09-21 7.2 HIGH N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.
CVE-2015-2651 1 Oracle 1 Solaris 2017-09-21 3.8 LOW N/A
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.
CVE-2015-2662 1 Oracle 1 Solaris 2017-09-21 1.9 LOW N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
CVE-2010-3654 7 Adobe, Apple, Google and 4 more 9 Acrobat, Acrobat Reader, Flash Player and 6 more 2017-09-18 9.3 HIGH N/A
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.