Oracle

Solaris

546 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2016-2178

  • EPSS 0.33%
  • Veröffentlicht 20.06.2016 01:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

9.8

CVE-2016-2177

  • EPSS 29.84%
  • Veröffentlicht 20.06.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi...

10

CVE-2016-5118

  • EPSS 35.42%
  • Veröffentlicht 10.06.2016 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

7.5

CVE-2016-3627

  • EPSS 0.29%
  • Veröffentlicht 17.05.2016 14:08:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...

5.5

CVE-2016-3718

Warnung
  • EPSS 79.25%
  • Veröffentlicht 05.05.2016 18:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.8

CVE-2016-3715

Warnung Exploit
  • EPSS 79.8%
  • Veröffentlicht 05.05.2016 18:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.9

CVE-2016-4085

  • EPSS 0.65%
  • Veröffentlicht 25.04.2016 10:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long st...

5.9

CVE-2016-4082

  • EPSS 0.23%
  • Veröffentlicht 25.04.2016 10:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and appl...

5.9

CVE-2016-4079

  • EPSS 0.23%
  • Veröffentlicht 25.04.2016 10:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via ...

5.5

CVE-2016-3465

  • EPSS 0.07%
  • Veröffentlicht 21.04.2016 11:00:43
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.