Vulnerabilities (CVE)

Filtered by vendor Omniosce Subscribe
Filtered by product Omnios
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43395 5 Illumos, Joyent, Omniosce and 2 more 5 Illumos, Smartos, Omnios and 2 more 2024-02-04 N/A 5.5 MEDIUM
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
CVE-2020-24718 4 Freebsd, Netapp, Omniosce and 1 more 4 Freebsd, Clustered Data Ontap, Omnios and 1 more 2024-02-04 7.2 HIGH 8.2 HIGH
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
CVE-2020-27678 3 Illumos, Joyent, Omniosce 3 Illumos, Smartos, Omnios 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
CVE-2019-19396 1 Omniosce 1 Omnios 2024-02-04 7.8 HIGH 7.5 HIGH
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.