Vulnerabilities > Oracle > Solaris

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0676 Unspecified vulnerability in Oracle Solaris 10
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
local
high complexity
oracle
4.7
2016-04-21 CVE-2016-0669 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.
local
low complexity
oracle
6.0
2016-04-21 CVE-2016-0623 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.
network
low complexity
oracle
4.7
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5
2016-04-07 CVE-2015-2774 Information Exposure vulnerability in multiple products
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
network
high complexity
erlang oracle opensuse CWE-200
5.9
2016-02-13 CVE-2015-8629 Out-of-bounds Read vulnerability in multiple products
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
network
high complexity
mit oracle debian opensuse redhat CWE-125
5.3
2016-02-03 CVE-2015-7546 Insufficiently Protected Credentials vulnerability in multiple products
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
network
high complexity
openstack oracle CWE-522
7.5
2016-01-20 CVE-2015-5295 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
network
low complexity
openstack redhat oracle fedoraproject CWE-119
5.4
2016-01-14 CVE-2016-0778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
network
high complexity
oracle openbsd apple hp sophos CWE-119
8.1
2016-01-14 CVE-2016-0777 Information Exposure vulnerability in multiple products
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
network
low complexity
sophos oracle openbsd hp apple CWE-200
6.5