Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2013-03-08 |
| Product | Solaris | Last view | 2018-07-18 |
| Version | 11.2 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:oracle:solaris | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.7 | 2018-07-18 | CVE-2018-2901 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| 5.9 | 2016-04-07 | CVE-2015-2774 | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). |
| 4.6 | 2015-10-21 | CVE-2015-4907 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820. |
| 4.6 | 2015-10-21 | CVE-2015-4891 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. |
| 4.9 | 2015-10-21 | CVE-2015-4869 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. |
| 6.6 | 2015-10-21 | CVE-2015-4837 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. |
| 3.7 | 2015-10-21 | CVE-2015-4834 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones. |
| 4.9 | 2015-10-21 | CVE-2015-4831 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. |
| 1.2 | 2015-10-21 | CVE-2015-4822 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831. |
| 6.2 | 2015-10-21 | CVE-2015-4820 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907. |
| 6.2 | 2015-10-21 | CVE-2015-4817 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. |
| 2.1 | 2015-10-21 | CVE-2015-4801 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. |
| 4.4 | 2015-10-21 | CVE-2015-2642 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. |
| 4.3 | 2015-08-20 | CVE-2015-3219 | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. |
| 4.9 | 2015-07-16 | CVE-2015-4770 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. |
| 1.9 | 2015-07-16 | CVE-2015-2662 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. |
| 3.8 | 2015-07-16 | CVE-2015-2651 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. |
| 7.2 | 2015-07-16 | CVE-2015-2631 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. |
| 4.9 | 2015-07-16 | CVE-2015-2614 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. |
| 4.9 | 2015-07-16 | CVE-2015-2609 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. |
| 4.9 | 2015-07-16 | CVE-2015-2589 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. |
| 1.9 | 2015-07-16 | CVE-2015-2580 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. |
| 5 | 2015-06-09 | CVE-2015-4024 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. |
| 6.8 | 2015-06-09 | CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." |
| 7.5 | 2015-06-09 | CVE-2015-3329 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 18% (9) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (7) | CWE-20 | Improper Input Validation |
| 8% (4) | CWE-399 | Resource Management Errors |
| 8% (4) | CWE-200 | Information Exposure |
| 8% (4) | CWE-189 | Numeric Errors |
| 6% (3) | CWE-125 | Out-of-bounds Read |
| 6% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 6% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 6% (3) | CWE-19 | Data Handling |
| 4% (2) | CWE-476 | NULL Pointer Dereference |
| 4% (2) | CWE-190 | Integer Overflow or Wraparound |
| 2% (1) | CWE-416 | Use After Free |
| 2% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 2% (1) | CWE-287 | Improper Authentication |
| 2% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 2% (1) | CWE-17 | Code |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76741 | net6 basic_server::id_counter Overflow Session Hijacking |
| 76739 | net6 libobby Color Collision Check User Enumeration |
ExploitDB Exploits
| id | Description |
|---|---|
| 35359 | tcpdump 4.6.2 Geonet Decoder Denial of Service |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-04-02 | Name : Fedora Update for net6 FEDORA-2011-15363 File : nvt/gb_fedora_2011_15363_net6_fc16.nasl |
| 2011-11-25 | Name : Fedora Update for net6 FEDORA-2011-15326 File : nvt/gb_fedora_2011_15326_net6_fc15.nasl |
| 2011-11-25 | Name : Fedora Update for net6 FEDORA-2011-15332 File : nvt/gb_fedora_2011_15332_net6_fc14.nasl |
| 2011-07-27 | Name : Fedora Update for vte3 FEDORA-2011-9330 File : nvt/gb_fedora_2011_9330_vte3_fc15.nasl |
| 2011-07-27 | Name : Fedora Update for vte FEDORA-2011-9330 File : nvt/gb_fedora_2011_9330_vte_fc15.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0156 | Multiple Vulnerabilities in Oracle & Sun Systems Products Suite Severity: Category I - VMSKEY: V0061085 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-10-24 | PHP form-based file upload DoS attempt RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2 |
| 2016-03-14 | Squid Pinger IPv6 denial of service attempt RuleID : 36651 - Type : PROTOCOL-ICMP - Revision : 2 |
| 2016-03-14 | Squid Pinger IPv6 denial of service attempt RuleID : 36650 - Type : PROTOCOL-ICMP - Revision : 2 |
| 2016-03-14 | Squid snmphandleUDP off-by-one buffer overflow attempt RuleID : 36493 - Type : SERVER-OTHER - Revision : 4 |
| 2015-08-11 | PHP core compressed file temp_len buffer overflow attempt RuleID : 35093 - Type : SERVER-OTHER - Revision : 3 |
| 2015-08-11 | PHP core compressed file temp_len buffer overflow attempt RuleID : 35092 - Type : SERVER-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-02-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO |
| 2017-10-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2616-1.nasl - Type: ACT_GATHER_INFO |
| 2017-10-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2617-1.nasl - Type: ACT_GATHER_INFO |
| 2017-10-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2619-1.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1179.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1180.nasl - Type: ACT_GATHER_INFO |
| 2017-08-25 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170801_tcpdump_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2017-1871.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-557.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1044.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-928.nasl - Type: ACT_GATHER_INFO |
| 2017-04-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1110-1.nasl - Type: ACT_GATHER_INFO |
| 2017-04-06 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170321_wireshark_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2017-04-05 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-813.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-0631.nasl - Type: ACT_GATHER_INFO |
| 2017-03-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO |
| 2017-03-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO |
| 2017-03-14 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3229-1.nasl - Type: ACT_GATHER_INFO |
| 2017-03-14 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3230-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-12 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201612-30.nasl - Type: ACT_GATHER_INFO |
| 2016-12-05 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201612-03.nasl - Type: ACT_GATHER_INFO |
| 2016-10-03 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3090-2.nasl - Type: ACT_GATHER_INFO |
| 2016-09-28 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3090-1.nasl - Type: ACT_GATHER_INFO |
