Vulnerabilities > Oracle > Solaris

DATE CVE VULNERABILITY TITLE RISK
2016-01-03 CVE-2016-1283 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre php fedoraproject oracle CWE-119
critical
9.8
2015-12-06 CVE-2015-3195 Information Exposure vulnerability in multiple products
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
5.3
2015-10-01 CVE-2015-7236 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
network
low complexity
rpcbind-project canonical debian oracle
7.5
2015-08-08 CVE-2015-4495 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
network
low complexity
mozilla oracle canonical redhat suse opensuse
8.8
2015-06-09 CVE-2015-3200 Injection vulnerability in multiple products
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
network
low complexity
lighttpd hp oracle CWE-74
7.5
2009-08-19 CVE-2009-2857 Improper Locking vulnerability in Oracle Opensolaris and Solaris
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.
local
low complexity
oracle CWE-667
5.5
2008-11-04 CVE-2008-2992 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
local
low complexity
adobe oracle CWE-787
7.8
2001-06-18 CVE-2001-0249 Incorrect Calculation of Buffer Size vulnerability in multiple products
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
network
low complexity
hp oracle sgi CWE-131
critical
9.8