Filtered by vendor Sun
Subscribe
Search
Total
1710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1585 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | |||||
| CVE-1999-0410 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. | |||||
| CVE-2009-3867 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | |||||
| CVE-2009-3868 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | |||||
| CVE-1999-0139 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. | |||||
| CVE-2008-2946 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. | |||||
| CVE-2007-3880 | 1 Sun | 2 Net Connect Software, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | |||||
| CVE-2007-3717 | 1 Sun | 1 Sunos | 2018-10-30 | 6.9 MEDIUM | N/A |
| rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | |||||
| CVE-2002-2327 | 1 Sun | 2 Sun Fire, Sunos | 2018-10-30 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties. | |||||
| CVE-2007-3223 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions. | |||||
| CVE-2002-2197 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference. | |||||
| CVE-2007-3094 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. | |||||
| CVE-2007-3093 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. | |||||
| CVE-2007-4395 | 1 Sun | 1 Sunos | 2018-10-30 | 7.6 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role. | |||||
| CVE-2009-0873 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2018-10-30 | 6.8 MEDIUM | N/A |
| The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other." | |||||
| CVE-2007-2882 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. | |||||
| CVE-2007-5422 | 1 Sun | 1 Sunos | 2018-10-30 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2009-3871 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | |||||
| CVE-1999-0334 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. | |||||
| CVE-2007-2529 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. | |||||
| CVE-2007-2465 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. | |||||
| CVE-2009-0838 | 1 Sun | 2 Opensolaris, Sunos | 2018-10-30 | 4.9 MEDIUM | N/A |
| The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. | |||||
| CVE-2007-2045 | 1 Sun | 1 Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. | |||||
| CVE-2002-1763 | 1 Sun | 1 Sunos | 2018-10-30 | 4.6 MEDIUM | N/A |
| The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. | |||||
| CVE-2002-1589 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic). | |||||
| CVE-2007-1794 | 2 Mozilla, Sun | 3 Mozilla, Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. | |||||
| CVE-2002-1590 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | |||||
| CVE-2007-1086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 Universal Database and 3 more | 2018-10-30 | 7.2 HIGH | N/A |
| Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | |||||
| CVE-2002-1585 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic. | |||||
| CVE-2007-0895 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.6 LOW | N/A |
| Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. | |||||
| CVE-2007-0882 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. | |||||
| CVE-2002-1323 | 5 Redhat, Safe.pm, Sco and 2 more | 9 Enterprise Linux, Linux Advanced Workstation, Safe.pm and 6 more | 2018-10-30 | 4.6 MEDIUM | N/A |
| Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. | |||||
| CVE-2007-6480 | 1 Sun | 2 Management\+center, Sunos | 2018-10-30 | 9.4 HIGH | N/A |
| The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. | |||||
| CVE-2007-0503 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | |||||
| CVE-2007-0470 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | |||||
| CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | |||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.8 MEDIUM | N/A |
| The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | |||||
| CVE-1999-1137 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. | |||||
| CVE-2006-6495 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 6.6 MEDIUM | N/A |
| Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494. | |||||
| CVE-2006-6494 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 6.6 MEDIUM | N/A |
| Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. | |||||
| CVE-2006-6275 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.7 MEDIUM | N/A |
| Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. | |||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2009-0345 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717. | |||||
| CVE-2009-0344 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717. | |||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2018-10-30 | 7.5 HIGH | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
| CVE-2006-5214 | 2 Netbsd, Sun | 3 Netbsd, Solaris, Sunos | 2018-10-30 | 1.2 LOW | N/A |
| Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | |||||
| CVE-2008-3426 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. | |||||
| CVE-2006-5073 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. | |||||
| CVE-1999-0296 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Solaris volrmmount program allows attackers to read any file. | |||||
| CVE-1999-1025 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.6 MEDIUM | N/A |
| CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string. | |||||