Omnios Omniosce Omnios

Do you want an email whenever new security vulnerabilities are reported in Omniosce Omnios?

By the Year

In 2024 there have been 0 vulnerabilities in Omniosce Omnios . Omnios did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 5.50
2021 0 0.00
2020 2 9.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Omnios vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Omniosce Omnios Security Vulnerabilities

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90

CVE-2021-43395 5.5 - Medium - December 26, 2022

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.

Improper Locking

An issue was discovered in illumos before 2020-10-22

CVE-2020-27678 9.8 - Critical - October 26, 2020

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.

Classic Buffer Overflow

bhyve, as used in FreeBSD through 12.1 and illumos (e.g

CVE-2020-24718 8.2 - High - September 25, 2020

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

AuthZ

illumos, as used in OmniOS Community Edition before r151030y

CVE-2019-19396 7.5 - High - November 29, 2019

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Omniosce Omnios or by Omniosce? Click the Watch button to subscribe.

Omniosce
Vendor

subscribe