Solaris

DATE	CVE	VULNERABILITY TITLE	RISK
2016-07-05	CVE-2016-4954	Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. network low complexity ntp oracle suse opensuse siemens CWE-362	7.5
2016-07-05	CVE-2016-4953	Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. network low complexity ntp oracle suse opensuse siemens CWE-287	7.5
2016-06-30	CVE-2016-4971	GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. network low complexity gnu canonical oracle paloaltonetworks	8.8
2016-06-20	CVE-2016-2178	Information Exposure Through Discrepancy vulnerability in multiple products The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. local low complexity openssl oracle suse nodejs debian canonical CWE-203	5.5
2016-06-20	CVE-2016-2177	Integer Overflow or Wraparound vulnerability in multiple products OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. network low complexity hp openssl oracle CWE-190 critical	9.8
2016-06-10	CVE-2016-5118	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. network low complexity graphicsmagick suse oracle opensuse canonical debian imagemagick critical	9.8
2016-05-17	CVE-2016-3627	Uncontrolled Recursion vulnerability in multiple products The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. network low complexity opensuse debian hp xmlsoft canonical redhat oracle CWE-674	7.5
2016-05-05	CVE-2016-3718	Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse CWE-918	5.5
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5
2016-04-25	CVE-2016-4085	Improper Input Validation vulnerability in multiple products Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. network high complexity oracle debian wireshark CWE-20	5.9