Vulnerabilities > Oracle > Solaris > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2020-10-21 | CVE-2020-14871 | Out-of-bounds Write vulnerability in Oracle Solaris 10/11/9 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). | network | low complexity | oracle | CWE-787 | critical | 10.0 |
| 2020-03-12 | CVE-2020-10108 | HTTP Request Smuggling vulnerability in multiple products | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | network | low complexity | twistedmatrix fedoraproject debian canonical oracle | CWE-444 | critical | 9.8 |
| 2017-08-08 | CVE-2017-3632 | Unspecified vulnerability in Oracle Solaris 10/11 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). | network | low complexity | oracle | | critical | 10.0 |
| 2017-04-24 | CVE-2017-3623 | Remote Code Execution vulnerability in Oracle Solaris | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). | network | low complexity | oracle | | critical | 10.0 |
| 2016-12-13 | CVE-2016-5687 | Out-of-bounds Read vulnerability in multiple products | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | network | low complexity | imagemagick oracle | CWE-125 | critical | 9.8 |
| 2016-12-13 | CVE-2016-5689 | NULL Pointer Dereference vulnerability in multiple products | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | network | low complexity | oracle imagemagick | CWE-476 | critical | 9.8 |
| 2016-12-13 | CVE-2016-5690 | NULL Pointer Dereference vulnerability in multiple products | The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | network | low complexity | oracle imagemagick | CWE-476 | critical | 9.8 |
| 2016-12-13 | CVE-2016-5691 | Improper Input Validation vulnerability in multiple products | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | network | low complexity | oracle imagemagick | CWE-20 | critical | 9.8 |
| 2016-06-20 | CVE-2016-2177 | Integer Overflow or Wraparound vulnerability in multiple products | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | network | low complexity | hp openssl oracle | CWE-190 | critical | 9.8 |
| 2016-06-10 | CVE-2016-5118 | | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. | network | low complexity | graphicsmagick suse oracle opensuse canonical debian imagemagick | | critical | 9.8 |