Illumos
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6560 | | Hig | 0.56 | 8.6 | 0.02 | | Mar 31, 2017 | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. |
| CVE-2016-6561 | | Hig | 0.49 | 7.5 | 0.03 | | Mar 31, 2017 | illumos smbsrv NULL pointer dereference allows system crash. |
| CVE-2024-26317 | | Med | 0.40 | 6.1 | 0.00 | | Jan 27, 2025 | In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to… |
| CVE-2012-0217 | | | 0.06 | — | 0.37 | | Jun 12, 2012 | The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta… |
| CVE-2023-31284 | | | 0.00 | — | 0.00 | | May 4, 2023 | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. |
| CVE-2021-43395 | | | 0.00 | — | 0.00 | | Dec 26, 2022 | An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs… |
| CVE-2020-27678 | | | 0.00 | — | 0.01 | | Oct 23, 2020 | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. |
| CVE-2019-19396 | | | 0.00 | — | 0.01 | | Nov 29, 2019 | illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. |
| CVE-2014-9491 | | | 0.00 | — | 0.03 | | Jan 20, 2015 | The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. |