Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solaris
(Oracle)| Repositories |
• https://github.com/ImageMagick/ImageMagick
• https://github.com/krb5/krb5 • https://github.com/torvalds/linux • https://github.com/newsoft/libvncserver • https://github.com/wireshark/wireshark |
| #Vulnerabilities | 544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-05-16 | CVE-2011-0419 | Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | Http_server, Portable_runtime, Mac_os_x, Debian_linux, Freebsd, Android, Netbsd, Openbsd, Solaris, Linux_enterprise_server | N/A | ||
| 2007-02-12 | CVE-2007-0882 | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. | Solaris, Sunos | N/A | ||
| 2014-02-06 | CVE-2014-1478 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris | N/A | ||
| 2014-02-06 | CVE-2014-1483 | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1485 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1488 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2016-05-17 | CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Solaris, Vm_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Jboss_core_services, Libxml2 | 7.5 | ||
| 2003-03-07 | CVE-2002-1337 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | Linux, Alphaserver_sc, Hp\-Ux, Netbsd, Solaris, Sendmail, Sunos, Bsdos, Platform_sa | N/A | ||
| 1997-02-06 | CVE-1999-0046 | Buffer overflow of rlogin program using TERM environmental variable. | Bsd_os, Debian_linux, Ultrix, Freebsd, Hp\-Ux, Aix, Netbsd, Nextstep, Solaris, Sunos | N/A | ||
| 2001-06-18 | CVE-2001-0249 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | Hp\-Ux, Solaris, Irix | 9.8 |