CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » Solaris » 11.2 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-2901 DoS 2018-07-18 2019-10-03
4.3
None Remote Medium Not required None None Partial
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
2 CVE-2015-4907 2015-10-22 2016-12-24
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820.
3 CVE-2015-4891 2015-10-21 2016-12-24
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD.
4 CVE-2015-4869 2015-10-21 2016-12-24
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.
5 CVE-2015-4837 2015-10-21 2016-12-24
6.6
None Local Medium ??? Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security.
6 CVE-2015-4834 2015-10-21 2016-12-24
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.
7 CVE-2015-4831 2015-10-21 2016-12-24
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822.
8 CVE-2015-4822 2015-10-21 2016-12-24
1.2
None Local High Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.
9 CVE-2015-4820 2015-10-21 2016-12-24
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907.
10 CVE-2015-4817 2015-10-21 2016-12-24
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.
11 CVE-2015-4801 2015-10-21 2016-12-24
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.
12 CVE-2015-4770 2015-07-16 2017-09-22
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.
13 CVE-2015-4024 399 DoS 2015-06-09 2019-12-27
5.0
None Remote Low Not required None None Partial
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
14 CVE-2015-3988 79 XSS 2015-05-19 2016-12-24
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
15 CVE-2015-3814 189 DoS 2015-05-26 2017-07-01
5.0
None Remote Low Not required None None Partial
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
16 CVE-2015-3812 399 DoS 2015-05-26 2019-12-27
7.8
None Remote Low Not required None None Complete
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.
17 CVE-2015-3811 17 DoS 2015-05-26 2019-12-27
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
18 CVE-2015-3646 200 +Info 2015-05-12 2020-06-02
4.0
None Remote Low ??? Partial None None
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
19 CVE-2015-3455 20 2015-05-18 2019-12-27
2.6
None Remote High Not required None Partial None
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
20 CVE-2015-3330 20 DoS Exec Code 2015-06-09 2019-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
21 CVE-2015-3329 119 Exec Code Overflow 2015-06-09 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
22 CVE-2015-3294 19 DoS 2015-05-08 2018-10-09
6.4
None Remote Low Not required Partial None Partial
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
23 CVE-2015-3219 79 XSS 2015-08-20 2016-12-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
24 CVE-2015-2774 200 +Info 2016-04-07 2018-10-30
4.3
None Remote Medium Not required Partial None None
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
25 CVE-2015-2662 2015-07-16 2017-09-22
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
26 CVE-2015-2651 2015-07-16 2017-09-22
3.8
None Local High ??? None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.
27 CVE-2015-2642 2015-10-21 2016-12-24
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip.
28 CVE-2015-2631 2015-07-16 2017-09-22
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.
29 CVE-2015-2614 2015-07-16 2017-09-22
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.
30 CVE-2015-2609 2015-07-16 2017-09-22
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers.
31 CVE-2015-2589 2015-07-16 2017-09-22
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.
32 CVE-2015-2580 2015-07-16 2017-09-22
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
33 CVE-2015-2578 2015-04-16 2017-01-03
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap.
34 CVE-2015-2317 79 XSS 2015-03-25 2018-10-30
4.3
None Remote Medium Not required None Partial None
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
35 CVE-2015-2316 399 DoS 2015-03-25 2018-10-30
5.0
None Remote Low Not required None None Partial
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
36 CVE-2015-2190 19 DoS 2015-03-08 2018-10-30
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
37 CVE-2015-2189 189 DoS 2015-03-08 2019-12-27
5.0
None Remote Low Not required None None Partial
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
38 CVE-2015-2188 19 DoS 2015-03-08 2019-12-27
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
39 CVE-2015-2155 DoS Exec Code 2015-03-24 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
40 CVE-2015-1380 20 DoS 2015-02-03 2018-10-30
5.0
None Remote Low Not required None None Partial
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
41 CVE-2015-1351 416 DoS 2015-03-30 2022-08-04
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
42 CVE-2015-1196 59 2015-01-21 2018-10-30
4.3
None Remote Medium Not required None Partial None
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
43 CVE-2015-1038 59 2015-01-21 2017-09-08
5.8
None Remote Medium Not required None Partial Partial
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
44 CVE-2015-0973 119 Exec Code Overflow 2015-01-18 2016-10-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
45 CVE-2015-0564 119 DoS Overflow 2015-01-10 2019-12-27
5.0
None Remote Low Not required None None Partial
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
46 CVE-2015-0561 20 DoS 2015-01-10 2018-10-30
5.0
None Remote Low Not required None None Partial
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
47 CVE-2015-0471 2015-04-16 2017-01-03
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.
48 CVE-2015-0448 2015-04-16 2017-01-03
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.
49 CVE-2014-9674 DoS Overflow 2015-02-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
50 CVE-2014-9672 119 DoS Overflow +Info 2015-02-08 2018-10-30
5.8
None Remote Medium Not required Partial None Partial
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.
Total number of vulnerabilities : 78   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.