Oracle

Solaris

548 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-4953

  • EPSS 13.35%
  • Veröffentlicht 05.07.2016 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

8.8

CVE-2016-4971

Exploit
  • EPSS 75.59%
  • Veröffentlicht 30.06.2016 17:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

5.5

CVE-2016-2178

  • EPSS 0.28%
  • Veröffentlicht 20.06.2016 01:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

9.8

CVE-2016-2177

  • EPSS 36.26%
  • Veröffentlicht 20.06.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi...

10

CVE-2016-5118

  • EPSS 35.42%
  • Veröffentlicht 10.06.2016 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

7.5

CVE-2016-3627

  • EPSS 0.16%
  • Veröffentlicht 17.05.2016 14:08:02
  • Zuletzt bearbeitet 04.12.2025 17:15:48

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...

5.5

CVE-2016-3718

Warnung
  • EPSS 79.25%
  • Veröffentlicht 05.05.2016 18:59:08
  • Zuletzt bearbeitet 22.10.2025 00:15:52

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.8

CVE-2016-3715

Warnung Exploit
  • EPSS 79.8%
  • Veröffentlicht 05.05.2016 18:59:04
  • Zuletzt bearbeitet 22.10.2025 00:15:51

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.9

CVE-2016-4085

  • EPSS 0.65%
  • Veröffentlicht 25.04.2016 10:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long st...

5.9

CVE-2016-4082

  • EPSS 0.23%
  • Veröffentlicht 25.04.2016 10:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and appl...