Shodan
Vulnerabilities
Vulnerable Software
Oracle:  >> Solaris  Security Vulnerabilities
CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
CVSS Score
7.8
EPSS Score
0.008
Published
2016-08-02
CVE-2016-5471
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-07-21
CVE-2016-5469
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-07-21
CVE-2016-5454
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.
CVSS Score
6.4
EPSS Score
0.003
Published
2016-07-21
CVE-2016-5452
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-07-21
CVE-2016-3584
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.
CVSS Score
7.0
EPSS Score
0.003
Published
2016-07-21
CVE-2016-3497
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-07-21
CVE-2016-3453
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-07-21
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVSS Score
8.1
EPSS Score
0.557
Published
2016-07-19
CVE-2016-4957
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
CVSS Score
7.5
EPSS Score
0.449
Published
2016-07-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved