Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43395 | 5 Illumos, Joyent, Omniosce and 2 more | 5 Illumos, Smartos, Omnios and 2 more | 2024-02-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. | |||||
| CVE-2020-27678 | 3 Illumos, Joyent, Omniosce | 3 Illumos, Smartos, Omnios | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | |||||
| CVE-2016-6561 | 1 Illumos | 1 Illumos | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| illumos smbsrv NULL pointer dereference allows system crash. | |||||
| CVE-2016-6560 | 1 Illumos | 1 Illumos | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | |||||
| CVE-2014-9491 | 1 Illumos | 1 Illumos | 2024-02-04 | 5.0 MEDIUM | N/A |
| The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. | |||||
| CVE-2012-0217 | 8 Citrix, Freebsd, Illumos and 5 more | 11 Xenserver, Freebsd, Illumos and 8 more | 2024-02-04 | 7.2 HIGH | N/A |
| The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. | |||||