The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of SunOS

libssh2: generation of ephemeral key of 128 bits
An attacker can act as a Man-in-the-Middle on an application linked with libssh2, because some ephemeral keys are too short...
bulletinoct2016, CVE-2016-0787, DSA-3487-1, FEDORA-2016-215a2219b1, FEDORA-2016-7942ee2cc5, openSUSE-SU-2016:0639-1, RHSA-2016:0428-01, SA120, SB10156, SOL21531693, VIGILANCE-VUL-19013
libxml2: unreachable memory reading via xmlNextChar
An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service...
758606, bulletinjul2016, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-1833, DLA-503-1, DSA-2019-197, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, JSA10774, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19006
Apache Tomcat: session fixation via requestedSessionSSL
An attacker can reuse the requestedSessionSSL value of Apache Tomcat, in order to access the TLS session of another user...
1980693, bulletinjan2016, c05150442, cpujul2018, CVE-2015-5346, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03606, NTAP-20180531-0001, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2046-01, RHSA-2016:2807-01, RHSA-2016:2808-01, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, USN-3024-1, VIGILANCE-VUL-18995
Apache Tomcat: directory traversal of ServletContext
An attacker, who is allowed to upload a malicious web application to the service, can traverse directories in ServletContext of Apache Tomcat, in order to read the content of a directory outside the service root path...
1980693, 1981632, 1983989, bulletinjan2016, c05054964, c05150442, cpujul2018, CVE-2015-5174, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03561, HPSBUX03606, JSA10838, K30971148, NTAP-20180531-0001, openSUSE-SU-2016:0865-1, RHSA-2016:1432-01, RHSA-2016:1433-01, RHSA-2016:1434-01, RHSA-2016:1435-01, RHSA-2016:2045-01, RHSA-2016:2599-02, SOL30971148, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0839-1, USN-3024-1, VIGILANCE-VUL-18993
NTP.org: multiple vulnerabilities
An attacker can use several vulnerabilities of NTP.org...
c04554677, c04574882, c04916783, CERTFR-2014-AVI-537, CERTFR-2014-AVI-538, CERTFR-2016-AVI-148, cisco-sa-20141222-ntpd, cpuoct2016, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, DSA-3108-1, FEDORA-2014-17361, FEDORA-2014-17367, FEDORA-2014-17395, FreeBSD-SA-14:31.ntp, HPSBHF03432, HPSBPV03266, HPSBUX03240, JSA10663, MBGSA-1405, MDVSA-2015:003, MDVSA-2015:140, NetBSD-SA2015-003, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1680-1, RHSA-2014:2024-01, RHSA-2014:2025-01, RHSA-2015:0104-01, sk103825, SOL15933, SOL15934, SOL15935, SOL15936, SSA:2014-356-01, SSA-671683, SSRT101872, SUSE-SU-2014:1686-1, SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1690-1, SUSE-SU-2015:0259-1, SUSE-SU-2015:0259-2, SUSE-SU-2015:0259-3, SUSE-SU-2015:0274-1, SUSE-SU-2015:0322-1, USN-2449-1, VIGILANCE-VUL-15867, VN-2014-005, VU#852879
Libgcrypt: information disclosure via ECDH
An attacker, who is located near the computer, can capture electromagnetic data during an ECDH encryption on Libgcrypt, in order to obtain information about the private key...
bulletinoct2017, CVE-2015-7511, DSA-3474-1, DSA-3478-1, FEDORA-2016-ec4c27d766, openSUSE-SU-2016:0575-1, openSUSE-SU-2016:1227-1, SSA:2016-054-03, USN-2896-1, VIGILANCE-VUL-18938
GTK+: integer overflow of gdk_cairo_set_source_pixbuf
An attacker can generate an integer overflow in gdk_cairo_set_source_pixbuf of GTK+, in order to trigger a denial of service, and possibly to run code...
bulletinjul2016, CVE-2013-7447, FEDORA-2016-330bfc0338, openSUSE-SU-2016:0647-1, openSUSE-SU-2016:2366-1, openSUSE-SU-2016:2374-1, USN-2898-1, USN-2898-2, VIGILANCE-VUL-18929
openstack-swift: denial of service via proxy-to-server
An attacker can trigger an overconsumption of resources by aborting a connection to openstack-swift that requests a URL related to large files, in order to trigger a denial of service...
bulletinapr2016, CVE-2016-0738, FEDORA-2016-2256c80a94, RHSA-2016:0126-01, RHSA-2016:0127-01, RHSA-2016:0128-01, RHSA-2016:0155-01, USN-3451-1, VIGILANCE-VUL-18864
openstack-heat: memory overuse
An attacker can create a memory overuse of openstack-heat, in order to trigger a denial of service...
bulletinapr2016, CVE-2015-5295, FEDORA-2016-fe5b9da308, RHSA-2016:0266-01, VIGILANCE-VUL-18863
OpenSSL: using disabled SSLv2 ciphers
An attacker can connect to an SSLv2 server with disabled ciphers in OpenSSL, in order to create a TLS session which is not secure...
2003480, 2003620, 2003673, 9010060, BSA-2016-004, bulletinjan2016, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, cpuoct2016, cpuoct2017, CVE-2015-3197, DSA-2020-062, FEDORA-2016-527018d2ff, FEDORA-2016-e1234b65a2, FreeBSD-SA-16:11.openssl, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0362-1, openSUSE-SU-2016:0442-1, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA111, SB10203, SOL33209124, SOL64009378, SSA:2016-034-03, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, VIGILANCE-VUL-18837, VN-2016-002