Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solaris
(Oracle)| Repositories |
• https://github.com/ImageMagick/ImageMagick
• https://github.com/krb5/krb5 • https://github.com/torvalds/linux • https://github.com/newsoft/libvncserver • https://github.com/wireshark/wireshark |
| #Vulnerabilities | 544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-05-19 | CVE-2015-3988 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | Horizon, Solaris | N/A | ||
| 2015-06-24 | CVE-2015-3900 | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | Solaris, Enterprise_linux, Ruby, Rubygems | N/A | ||
| 2015-08-20 | CVE-2015-3219 | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | Debian_linux, Horizon, Solaris | N/A | ||
| 2015-06-09 | CVE-2015-3200 | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | Virtual_customer_access_system, Lighttpd, Solaris | 7.5 | ||
| 2015-04-24 | CVE-2015-3145 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Curl, Libcurl, System_management_homepage, Opensuse, Solaris | N/A | ||
| 2015-07-16 | CVE-2015-2662 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. | Solaris | N/A | ||
| 2015-07-16 | CVE-2015-2651 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. | Solaris | N/A | ||
| 2015-10-21 | CVE-2015-2642 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | Solaris | N/A | ||
| 2015-07-16 | CVE-2015-2631 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. | Solaris | N/A | ||
| 2015-07-16 | CVE-2015-2614 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. | Solaris | N/A |