CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-3622 – Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-3622
24 Apr 2017 — Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the "Extremeparr". • https://packetstorm.news/files/id/149509 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5553
https://notcve.org/view.php?id=CVE-2016-5553
25 Oct 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5544
https://notcve.org/view.php?id=CVE-2016-5544
25 Oct 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Kernel/X86. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 2.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5480
https://notcve.org/view.php?id=CVE-2016-5480
25 Oct 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. Vulnerabilidad no especificada en Oracle Sun Solaris 10 permite a usuarios locales afectar la integridad a través de vectores relacionados con Bash. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5559
https://notcve.org/view.php?id=CVE-2016-5559
25 Oct 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la integridad a través de vectores relacionados con Kernel. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 7.8EPSS: 97%CPEs: 49EXPL: 4CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
28 Sep 2016 — buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación d... • https://packetstorm.news/files/id/180551 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 18%CPEs: 34EXPL: 0CVE-2016-6302 – openssl: Insufficient TLS session ticket HMAC length checks
https://notcve.org/view.php?id=CVE-2016-6302
16 Sep 2016 — The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. La función tls_decrypt_ticket en ssl/t1_lib.c en OpenSSL en versiones anteriores a 1.1.0 no considera el tamaño HMAC durante la validación de la longitud del ticket, lo que permite a atacantes remotos provocar una denegación de servicio a través de un ticket que es muy corto. ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 1CVE-2016-5841 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-5841
26 Aug 2016 — Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. Desbordamiento de entero en MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) o posiblemente ejecutar código arbitrario a través de vectores que implican a la variable offset. handl... • http://www.openwall.com/lists/oss-security/2016/06/23/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2016-5842 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-5842
26 Aug 2016 — MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. handling problems and cases of missing or incomplete input sanitising may result i... • http://www.openwall.com/lists/oss-security/2016/06/23/1 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 2CVE-2016-6491 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-6491
26 Aug 2016 — Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. Desbordamiento de búfer en la función Get8BIMProperty en MagickCore/property.c en ImageMagick en versiones anteriores a 6.9.5-4 y 7.x en versiones anteriores a 7.0.2-6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites, fuga de ... • http://www.openwall.com/lists/oss-security/2016/07/28/13 • CWE-125: Out-of-bounds Read •