Every CVE whose affected-product data names Oracle Solaris, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-2725 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird…
CVE-2007-0882 — CVSS 10.0 (critical): Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client…
CVE-2015-2731 — CVSS 10.0 (critical): Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox…
CVE-2015-8104 — CVSS 10.0 (critical): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…
CVE-2015-2726 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of…
CVE-2010-3509 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via…
CVE-2014-1478 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers…
CVE-2017-3623 — CVSS 10.0 (critical): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are…
CVE-2014-0397 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to…
CVE-2015-4485 — CVSS 10.0 (critical): Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2026-46978 — CVSS 10.0 (critical): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2015-4486 — CVSS 10.0 (critical): The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to…
CVE-2013-5610 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2002-1337 — CVSS 10.0 (critical): Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related…
CVE-2015-2722 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2014-1563 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before…
CVE-2014-1528 — CVSS 10.0 (critical): The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote…
CVE-2014-1488 — CVSS 10.0 (critical): The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code…
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2733 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2020-10108 — CVSS 9.8 (critical): In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it…
CVE-2016-5118 — CVSS 9.8 (critical): The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a |…
CVE-2016-2177 — CVSS 9.8 (critical): OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a…
CVE-2016-1283 — CVSS 9.8 (critical): The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J…
CVE-2016-0693 — CVSS 9.8 (critical): Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability…
CVE-2017-3632 — CVSS 9.8 (critical): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are…
CVE-2001-0249 — CVSS 9.8 (critical): Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the…
CVE-2016-5687 — CVSS 9.8 (critical): The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have…
CVE-2016-5689 — CVSS 9.8 (critical): The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack…
CVE-2016-5690 — CVSS 9.8 (critical): The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified…
CVE-2016-5691 — CVSS 9.8 (critical): The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack…
CVE-2016-5841 — CVSS 9.8 (critical): Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation…
CVE-2017-3510 — CVSS 9.6 (critical): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The…
CVE-2014-1494 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers…
CVE-2014-1557 — CVSS 9.3 (critical): The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before…
CVE-2015-2736 — CVSS 9.3 (critical): The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2015-4493 — CVSS 9.3 (critical): Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and…
CVE-2014-1507 — CVSS 9.3 (critical): Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox…
CVE-2015-2735 — CVSS 9.3 (critical): nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses…
CVE-2015-4496 — CVSS 9.3 (critical): Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted…
CVE-2020-2696 — CVSS 8.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is…
CVE-2019-2832 — CVSS 8.8 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The…
CVE-2019-2844 — CVSS 8.8 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version…
CVE-2020-2944 — CVSS 8.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected…
CVE-2016-6491 — CVSS 8.8 (high): Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote…
CVE-2015-0973 — CVSS 8.8 (high): Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent…
CVE-2016-4971 — CVSS 8.8 (high): GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
CVE-2022-21446 — CVSS 8.2 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily…
CVE-2024-20999 — CVSS 8.2 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily…
CVE-2017-3564 — CVSS 8.2 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is…
CVE-2016-0778 — CVSS 8.1 (high): The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when…
CVE-2018-3273 — CVSS 8.1 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The…
CVE-2018-2928 — CVSS 8.1 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is affected is…
CVE-2019-9579 — CVSS 8.1 (high): An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have…
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2016-5688 — CVSS 8.1 (high): The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have…
CVE-2017-3565 — CVSS 7.9 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is…
CVE-2016-0403 — CVSS 7.8 (high): Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities.
CVE-2011-3537 — CVSS 7.8 (high): Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related…
CVE-2016-2334 — CVSS 7.8 (high): Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers…
CVE-2024-21059 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult…
CVE-2016-5544 — CVSS 7.8 (high): Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via…
CVE-2021-2167 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is…
CVE-2020-2927 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected…
CVE-2020-2851 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected…
CVE-2016-6185 — CVSS 7.8 (high): The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local…
CVE-2015-5143 — CVSS 7.8 (high): The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to…
CVE-2023-22023 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected…
CVE-2017-3629 — CVSS 7.8 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected…
CVE-2016-3441 — CVSS 7.8 (high): Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via…
CVE-2017-3622 — CVSS 7.8 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported…
CVE-2018-2892 — CVSS 7.8 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions…
CVE-2015-3812 — CVSS 7.8 (high): Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before…
CVE-2023-21948 — CVSS 7.8 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily…
CVE-2016-0440 — CVSS 7.8 (high): Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.
CVE-2017-3516 — CVSS 7.7 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The…
CVE-2018-2908 — CVSS 7.7 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected…
CVE-2018-2754 — CVSS 7.7 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is…
CVE-2023-21985 — CVSS 7.7 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11…
CVE-2018-2926 — CVSS 7.6 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supported version…
CVE-2022-21524 — CVSS 7.6 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily…
CVE-2019-16056 — CVSS 7.5 (high): An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly…
CVE-2022-21514 — CVSS 7.5 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is…
CVE-2015-7236 — CVSS 7.5 (high): Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of…
CVE-2015-7546 — CVSS 7.5 (high): The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware…
CVE-2015-8126 — CVSS 7.5 (high): Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54…
CVE-2016-3627 — CVSS 7.5 (high): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to…
CVE-2016-5842 — CVSS 7.5 (high): MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving…
CVE-2016-2776 — CVSS 7.5 (high): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct…
CVE-2016-2381 — CVSS 7.5 (high): Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment…
CVE-2016-6302 — CVSS 7.5 (high): The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket…
CVE-2017-10036 — CVSS 7.5 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are…
CVE-2015-4492 — CVSS 7.5 (high): Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2017-10042 — CVSS 7.5 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are…
CVE-2015-4489 — CVSS 7.5 (high): The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote…
CVE-2020-7044 — CVSS 7.5 (high): In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <=…
CVE-2015-4488 — CVSS 7.5 (high): Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS…
CVE-2016-4953 — CVSS 7.5 (high): ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a…
CVE-2015-4487 — CVSS 7.5 (high): The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow…
CVE-2020-2565 — CVSS 7.5 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is…
CVE-2013-5619 — CVSS 7.5 (high): Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23…
CVE-2016-4483 — CVSS 7.5 (high): The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service…
CVE-2014-1485 — CVSS 7.5 (high): The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets…
CVE-2016-4957 — CVSS 7.5 (high): ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this…
CVE-2015-3329 — CVSS 7.5 (high): Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and…
CVE-2015-3200 — CVSS 7.5 (high): mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a…
CVE-2015-3145 — CVSS 7.5 (high): The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote…
CVE-2020-12243 — CVSS 7.5 (high): In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon…
CVE-2015-2743 — CVSS 7.5 (high): PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal…
CVE-2019-2838 — CVSS 7.5 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is…
CVE-2014-6051 — CVSS 7.5 (high): Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a…
CVE-2014-6052 — CVSS 7.5 (high): The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return…
CVE-2014-6491 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect…
CVE-2019-2541 — CVSS 7.5 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that…
CVE-2019-2437 — CVSS 7.5 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is…
CVE-2014-6500 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect…
CVE-2019-19553 — CVSS 7.5 (high): In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-te…
CVE-2015-1351 — CVSS 7.5 (high): Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7…
CVE-2019-13565 — CVSS 7.5 (high): An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL…
CVE-2015-2728 — CVSS 7.5 (high): The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x…
CVE-2014-8145 — CVSS 7.5 (high): Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a…
CVE-2015-2716 — CVSS 7.5 (high): Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote…
CVE-2014-9657 — CVSS 7.5 (high): The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote…
CVE-2014-9658 — CVSS 7.5 (high): The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote…
CVE-2014-9659 — CVSS 7.5 (high): cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been…
CVE-2014-9660 — CVSS 7.5 (high): The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows…
CVE-2014-9663 — CVSS 7.5 (high): The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is…
CVE-2018-2710 — CVSS 7.5 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected…
CVE-2018-2718 — CVSS 7.5 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are…
CVE-2014-9674 — CVSS 7.5 (high): The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the…
CVE-2016-4954 — CVSS 7.5 (high): The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service…
CVE-2018-2764 — CVSS 7.5 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected…
CVE-2015-0411 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect…
CVE-2015-2155 — CVSS 7.5 (high): The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
CVE-2018-3275 — CVSS 7.4 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected…
CVE-2017-3497 — CVSS 7.3 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported…
CVE-2019-2804 — CVSS 7.3 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are…
CVE-2019-2820 — CVSS 7.3 (high): Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is…
CVE-2020-14724 — CVSS 7.3 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is…
CVE-2015-0448 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors…
CVE-2016-0414 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown…
CVE-2025-30690 — CVSS 7.2 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11…
CVE-2015-2577 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown…
CVE-2015-2631 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via…
CVE-2016-0546 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2015-4819 — CVSS 7.2 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality…
CVE-2018-2578 — CVSS 7.2 (high): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected…
CVE-2015-2578 — CVSS 7.1 (high): Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap.
CVE-2020-2605 — CVSS 7.1 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily…
CVE-2026-46914 — CVSS 7.1 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4…
CVE-2008-4609 — CVSS 7.1 (high): The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other…
CVE-2016-3584 — CVSS 7.0 (high): Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors…
CVE-2023-21896 — CVSS 7.0 (high): Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11…
CVE-2018-1165 — CVSS 7.0 (high): This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064…
CVE-2018-1171 — CVSS 7.0 (high): This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064…
CVE-2015-0829 — CVSS 6.8 (medium): Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video…
CVE-2015-0828 — CVSS 6.8 (medium): Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator…
CVE-2015-1270 — CVSS 6.8 (medium): The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before…
CVE-2015-1283 — CVSS 6.8 (medium): Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other…
CVE-2014-9669 — CVSS 6.8 (medium): Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds…
CVE-2014-9666 — CVSS 6.8 (medium): The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting…
CVE-2014-9664 — CVSS 6.8 (medium): FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a…
CVE-2014-6469 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect…
CVE-2014-6270 — CVSS 6.8 (medium): Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote…
CVE-2014-1542 — CVSS 6.8 (medium): Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute…
CVE-2015-3330 — CVSS 6.8 (medium): The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the…
CVE-2014-1502 — CVSS 6.8 (medium): The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25…
CVE-2015-4491 — CVSS 6.8 (medium): Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0…
CVE-2016-0505 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before…
CVE-2017-10004 — CVSS 6.7 (medium): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected…
CVE-2017-3551 — CVSS 6.6 (medium): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that…
CVE-2010-3507 — CVSS 6.6 (medium): Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via…
CVE-2018-2717 — CVSS 6.6 (medium): Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are…
CVE-2015-4837 — CVSS 6.6 (medium): Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown…
CVE-2016-5844 — CVSS 6.5 (medium): Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via…
CVE-2025-53068 — CVSS 6.5 (medium): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily…
CVE-2015-8786 — CVSS 6.5 (medium): The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service…
CVE-2018-12207 — CVSS 6.5 (medium): Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an…
CVE-2014-2436 — CVSS 6.5 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect…
CVE-2016-0777 — CVSS 6.5 (medium): The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain…
CVE-2014-8094 — CVSS 6.5 (medium): Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through…
CVE-2023-21984 — CVSS 6.5 (medium): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily…
CVE-2019-16168 — CVSS 6.5 (medium): In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a…
CVE-2014-6530 — CVSS 6.5 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect…
CVE-2021-35539 — CVSS 6.5 (medium): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily…
CVE-2026-34281 — CVSS 6.5 (medium): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily…
CVE-2014-4258 — CVSS 6.5 (medium): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote…
CVE-2014-7142 — CVSS 6.4 (medium): The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a…
CVE-2014-1506 — CVSS 6.4 (medium): Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the…
CVE-2014-9512 — CVSS 6.4 (medium): rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.