This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle | First view: 2013-03-08
Product: Solaris | Last view: 2018-07-18
Version: 11.2 | Type: OS
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:oracle:solaris

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
3.7 2018-07-18 CVE-2018-2901

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.9 2016-04-07 CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

4.6 2015-10-21 CVE-2015-4907

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820.

4.6 2015-10-21 CVE-2015-4891

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD.

4.9 2015-10-21 CVE-2015-4869

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.

6.6 2015-10-21 CVE-2015-4837

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security.

3.7 2015-10-21 CVE-2015-4834

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.

4.9 2015-10-21 CVE-2015-4831

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822.

1.2 2015-10-21 CVE-2015-4822

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.

6.2 2015-10-21 CVE-2015-4820

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907.

6.2 2015-10-21 CVE-2015-4817

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.

2.1 2015-10-21 CVE-2015-4801

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.

4.4 2015-10-21 CVE-2015-2642

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip.

4.3 2015-08-20 CVE-2015-3219

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

4.9 2015-07-16 CVE-2015-4770

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.

1.9 2015-07-16 CVE-2015-2662

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.

3.8 2015-07-16 CVE-2015-2651

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.

7.2 2015-07-16 CVE-2015-2631

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.

4.9 2015-07-16 CVE-2015-2614

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.

4.9 2015-07-16 CVE-2015-2609

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers.

4.9 2015-07-16 CVE-2015-2589

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.

1.9 2015-07-16 CVE-2015-2580

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.

5 2015-06-09 CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

6.8 2015-06-09 CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

7.5 2015-06-09 CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

CWE : Common Weakness Enumeration

% id Name
19% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (7) CWE-20 Improper Input Validation
8% (4) CWE-399 Resource Management Errors
8% (4) CWE-200 Information Exposure
8% (4) CWE-189 Numeric Errors
6% (3) CWE-125 Out-of-bounds Read
6% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (3) CWE-19 Data Handling
4% (2) CWE-190 Integer Overflow or Wraparound
4% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-416 Use After Free
2% (1) CWE-287 Improper Authentication
2% (1) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
2% (1) CWE-17 Code

Open Source Vulnerability Database (OSVDB)

id Description
76741 net6 basic_server::id_counter Overflow Session Hijacking
76739 net6 libobby Color Collision Check User Enumeration

ExploitDB Exploits

id Description
35359 tcpdump 4.6.2 Geonet Decoder Denial of Service

OpenVAS Exploits

id Description
2012-04-02 Name : Fedora Update for net6 FEDORA-2011-15363
File : nvt/gb_fedora_2011_15363_net6_fc16.nasl
2011-11-25 Name : Fedora Update for net6 FEDORA-2011-15326
File : nvt/gb_fedora_2011_15326_net6_fc15.nasl
2011-11-25 Name : Fedora Update for net6 FEDORA-2011-15332
File : nvt/gb_fedora_2011_15332_net6_fc14.nasl
2011-07-27 Name : Fedora Update for vte3 FEDORA-2011-9330
File : nvt/gb_fedora_2011_9330_vte3_fc15.nasl
2011-07-27 Name : Fedora Update for vte FEDORA-2011-9330
File : nvt/gb_fedora_2011_9330_vte_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0156 Multiple Vulnerabilities in Oracle & Sun Systems Products Suite
Severity: Category I - VMSKEY: V0061085
2014-B-0019 Multiple Vulnerabilities in Apache Tomcat
Severity: Category I - VMSKEY: V0044527

Snort® IPS/IDS

Date Description
2017-10-24 PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2016-03-14 Squid Pinger IPv6 denial of service attempt
RuleID : 36651 - Type : PROTOCOL-ICMP - Revision : 2
2016-03-14 Squid Pinger IPv6 denial of service attempt
RuleID : 36650 - Type : PROTOCOL-ICMP - Revision : 2
2016-03-14 Squid snmphandleUDP off-by-one buffer overflow attempt
RuleID : 36493 - Type : SERVER-OTHER - Revision : 4
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35093 - Type : SERVER-OTHER - Revision : 3
2015-08-11 PHP core compressed file temp_len buffer overflow attempt
RuleID : 35092 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2616-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2617-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2619-1.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1179.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1180.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_tcpdump_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1871.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-557.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1044.nasl - Type: ACT_GATHER_INFO
2017-04-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1110-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_wireshark_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-04-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-813.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-0631.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3229-1.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3230-1.nasl - Type: ACT_GATHER_INFO
2016-12-12 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201612-30.nasl - Type: ACT_GATHER_INFO
2016-10-03 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3090-2.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3090-1.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1996-1.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2008-1.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2089-1.nasl - Type: ACT_GATHER_INFO