| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-2901 |
|
|
DoS |
2018-07-18 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|
2 |
CVE-2015-4907 |
|
|
|
2015-10-22 |
2016-12-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820. |
|
3 |
CVE-2015-4891 |
|
|
|
2015-10-21 |
2016-12-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. |
|
4 |
CVE-2015-4869 |
|
|
|
2015-10-21 |
2016-12-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. |
|
5 |
CVE-2015-4837 |
|
|
|
2015-10-21 |
2016-12-24 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. |
|
6 |
CVE-2015-4834 |
|
|
|
2015-10-21 |
2016-12-24 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones. |
|
7 |
CVE-2015-4831 |
|
|
|
2015-10-21 |
2016-12-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. |
|
8 |
CVE-2015-4822 |
|
|
|
2015-10-21 |
2016-12-24 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831. |
|
9 |
CVE-2015-4820 |
|
|
|
2015-10-21 |
2016-12-24 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907. |
|
10 |
CVE-2015-4817 |
|
|
|
2015-10-21 |
2016-12-24 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. |
|
11 |
CVE-2015-4801 |
|
|
|
2015-10-21 |
2016-12-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. |
|
12 |
CVE-2015-4770 |
|
|
|
2015-07-16 |
2017-09-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. |
|
13 |
CVE-2015-4024 |
399 |
|
DoS |
2015-06-09 |
2019-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. |
|
14 |
CVE-2015-3988 |
79 |
|
XSS |
2015-05-19 |
2016-12-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. |
|
15 |
CVE-2015-3814 |
189 |
|
DoS |
2015-05-26 |
2017-07-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
|
16 |
CVE-2015-3812 |
399 |
|
DoS |
2015-05-26 |
2019-12-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. |
|
17 |
CVE-2015-3811 |
17 |
|
DoS |
2015-05-26 |
2019-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. |
|
18 |
CVE-2015-3646 |
200 |
|
+Info |
2015-05-12 |
2020-06-02 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. |
|
19 |
CVE-2015-3455 |
20 |
|
|
2015-05-18 |
2019-12-27 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. |
|
20 |
CVE-2015-3330 |
20 |
|
DoS Exec Code |
2015-06-09 |
2019-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." |
|
21 |
CVE-2015-3329 |
119 |
|
Exec Code Overflow |
2015-06-09 |
2019-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. |
|
22 |
CVE-2015-3294 |
19 |
|
DoS |
2015-05-08 |
2018-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. |
|
23 |
CVE-2015-3219 |
79 |
|
XSS |
2015-08-20 |
2016-12-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. |
|
24 |
CVE-2015-2774 |
200 |
|
+Info |
2016-04-07 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). |
|
25 |
CVE-2015-2662 |
|
|
|
2015-07-16 |
2017-09-22 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. |
|
26 |
CVE-2015-2651 |
|
|
|
2015-07-16 |
2017-09-22 |
3.8 |
None |
Local |
High |
??? |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. |
|
27 |
CVE-2015-2642 |
|
|
|
2015-10-21 |
2016-12-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. |
|
28 |
CVE-2015-2631 |
|
|
|
2015-07-16 |
2017-09-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. |
|
29 |
CVE-2015-2614 |
|
|
|
2015-07-16 |
2017-09-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. |
|
30 |
CVE-2015-2609 |
|
|
|
2015-07-16 |
2017-09-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. |
|
31 |
CVE-2015-2589 |
|
|
|
2015-07-16 |
2017-09-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. |
|
32 |
CVE-2015-2580 |
|
|
|
2015-07-16 |
2017-09-22 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. |
|
33 |
CVE-2015-2578 |
|
|
|
2015-04-16 |
2017-01-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. |
|
34 |
CVE-2015-2317 |
79 |
|
XSS |
2015-03-25 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. |
|
35 |
CVE-2015-2316 |
399 |
|
DoS |
2015-03-25 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. |
|
36 |
CVE-2015-2190 |
19 |
|
DoS |
2015-03-08 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. |
|
37 |
CVE-2015-2189 |
189 |
|
DoS |
2015-03-08 |
2019-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. |
|
38 |
CVE-2015-2188 |
19 |
|
DoS |
2015-03-08 |
2019-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. |
|
39 |
CVE-2015-2155 |
|
|
DoS Exec Code |
2015-03-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |
|
40 |
CVE-2015-1380 |
20 |
|
DoS |
2015-02-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. |
|
41 |
CVE-2015-1351 |
416 |
|
DoS |
2015-03-30 |
2022-08-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
42 |
CVE-2015-1196 |
59 |
|
|
2015-01-21 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. |
|
43 |
CVE-2015-1038 |
59 |
|
|
2015-01-21 |
2017-09-08 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. |
|
44 |
CVE-2015-0973 |
119 |
|
Exec Code Overflow |
2015-01-18 |
2016-10-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. |
|
45 |
CVE-2015-0564 |
119 |
|
DoS Overflow |
2015-01-10 |
2019-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. |
|
46 |
CVE-2015-0561 |
20 |
|
DoS |
2015-01-10 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. |
|
47 |
CVE-2015-0471 |
|
|
|
2015-04-16 |
2017-01-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. |
|
48 |
CVE-2015-0448 |
|
|
|
2015-04-16 |
2017-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. |
|
49 |
CVE-2014-9674 |
|
|
DoS Overflow |
2015-02-08 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. |
|
50 |
CVE-2014-9672 |
119 |
|
DoS Overflow +Info |
2015-02-08 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. |
