# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2015-2808 |
310 |
|
|
2015-03-31 |
2018-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. |
2 |
CVE-2015-0428 |
|
|
|
2015-01-21 |
2017-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. |
3 |
CVE-2014-6600 |
|
|
|
2015-01-21 |
2016-12-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397. |
4 |
CVE-2014-6570 |
|
|
|
2015-01-21 |
2016-12-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. |
5 |
CVE-2014-6509 |
|
|
|
2015-01-21 |
2016-12-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
6 |
CVE-2014-6497 |
|
|
|
2014-10-15 |
2015-11-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel. |
7 |
CVE-2014-6481 |
|
|
|
2015-01-21 |
2016-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. |
8 |
CVE-2014-4284 |
|
|
|
2014-10-15 |
2015-11-06 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280. |
9 |
CVE-2014-4283 |
|
|
|
2014-10-15 |
2015-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277. |
10 |
CVE-2014-4280 |
|
|
|
2014-10-15 |
2015-11-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284. |
11 |
CVE-2014-4275 |
|
|
|
2014-10-15 |
2015-11-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. |
12 |
CVE-2014-4239 |
|
|
|
2014-07-17 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). |
13 |
CVE-2014-4224 |
|
|
|
2014-07-17 |
2018-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. |
14 |
CVE-2014-4215 |
|
|
|
2014-07-17 |
2018-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862. |
15 |
CVE-2014-3575 |
264 |
|
|
2014-08-26 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. |
16 |
CVE-2014-0447 |
|
|
|
2014-04-15 |
2016-11-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876. |
17 |
CVE-2014-0442 |
|
|
|
2014-04-15 |
2014-04-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. |
18 |
CVE-2014-0421 |
|
|
|
2014-04-15 |
2014-04-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors. |
19 |
CVE-2014-0390 |
|
|
|
2014-01-15 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. |
20 |
CVE-2013-5876 |
|
|
|
2014-01-15 |
2017-08-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. |
21 |
CVE-2013-5864 |
|
|
|
2013-10-16 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. |
22 |
CVE-2013-5862 |
|
|
|
2013-10-16 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215. |
23 |
CVE-2013-5849 |
|
|
|
2013-10-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. |
24 |
CVE-2013-5839 |
|
|
|
2013-10-16 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console. |
25 |
CVE-2013-5833 |
|
|
|
2014-01-15 |
2017-08-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem. |
26 |
CVE-2013-5821 |
|
|
|
2014-01-15 |
2017-08-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. |
27 |
CVE-2013-5790 |
|
|
|
2013-10-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. |
28 |
CVE-2013-5784 |
|
|
|
2013-10-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. |
29 |
CVE-2013-5780 |
|
|
|
2013-10-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
30 |
CVE-2013-3837 |
|
|
|
2013-10-16 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao. |
31 |
CVE-2013-3799 |
|
|
|
2013-07-17 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel. |
32 |
CVE-2013-3797 |
|
|
|
2013-07-17 |
2017-08-28 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS. |
33 |
CVE-2013-3787 |
|
|
|
2013-07-17 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel. |
34 |
CVE-2013-3765 |
|
|
|
2013-07-17 |
2017-08-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM. |
35 |
CVE-2013-3752 |
|
|
|
2013-07-17 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF). |
36 |
CVE-2013-2566 |
310 |
|
|
2013-03-15 |
2018-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. |
37 |
CVE-2013-2433 |
|
|
|
2013-04-17 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. |
38 |
CVE-2013-2418 |
|
|
|
2013-04-17 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
39 |
CVE-2013-1571 |
|
|
|
2013-06-18 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. |
40 |
CVE-2013-1540 |
|
|
|
2013-04-17 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. |
41 |
CVE-2013-1507 |
|
|
|
2013-04-17 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem. |
42 |
CVE-2013-1498 |
|
|
|
2013-04-17 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496. |
43 |
CVE-2013-1496 |
|
|
|
2013-04-17 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498. |
44 |
CVE-2013-1494 |
|
|
|
2013-04-17 |
2017-09-18 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. |
45 |
CVE-2013-0443 |
|
|
|
2013-02-01 |
2017-09-18 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. |
46 |
CVE-2013-0438 |
|
|
|
2013-02-01 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. |
47 |
CVE-2013-0413 |
|
|
|
2013-04-17 |
2017-09-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. |
48 |
CVE-2013-0407 |
|
|
|
2013-01-16 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. |
49 |
CVE-2013-0406 |
|
|
|
2013-04-17 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. |
50 |
CVE-2012-5095 |
|
|
|
2012-10-17 |
2013-10-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. |