Filtered by vendor Sun
Subscribe
Search
Total
1710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0769 | 1 Sun | 1 Solaris | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | |||||
| CVE-2006-0190 | 1 Sun | 1 Solaris | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | |||||
| CVE-2006-0516 | 1 Sun | 1 Solaris | 2017-10-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors. | |||||
| CVE-2004-1358 | 1 Sun | 1 Solaris | 2017-10-11 | 5.0 MEDIUM | N/A |
| The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. | |||||
| CVE-2004-0817 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. | |||||
| CVE-2003-0722 | 1 Sun | 1 Solaris | 2017-10-11 | 10.0 HIGH | N/A |
| The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. | |||||
| CVE-2003-1229 | 1 Sun | 4 Java Web Start, Jdk, Jre and 1 more | 2017-10-11 | 7.5 HIGH | N/A |
| X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files. | |||||
| CVE-2004-1357 | 1 Sun | 1 Solaris | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | |||||
| CVE-2004-0653 | 1 Sun | 1 Solaris | 2017-10-11 | 2.1 LOW | N/A |
| Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. | |||||
| CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2017-10-11 | 9.3 HIGH | N/A |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | |||||
| CVE-2004-0827 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 14 Linux, Imlib, Imlib2 and 11 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||||
| CVE-2004-1345 | 1 Sun | 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access. | |||||
| CVE-2004-1346 | 1 Sun | 1 Solaris | 2017-10-11 | 2.1 LOW | N/A |
| The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM. | |||||
| CVE-2002-1361 | 1 Sun | 1 Cobalt Raq 4 | 2017-10-10 | 10.0 HIGH | N/A |
| overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter. | |||||
| CVE-2002-0090 | 1 Sun | 1 Solaris | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. | |||||
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. | |||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. | |||||
| CVE-2000-0958 | 1 Sun | 1 Hotjava Browser | 2017-10-10 | 5.0 MEDIUM | N/A |
| HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. | |||||
| CVE-2000-1075 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. | |||||
| CVE-2001-0077 | 1 Sun | 1 Cluster | 2017-10-10 | 5.0 MEDIUM | N/A |
| The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. | |||||
| CVE-2001-0078 | 1 Sun | 1 Cluster | 2017-10-10 | 2.1 LOW | N/A |
| in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. | |||||
| CVE-2001-0423 | 1 Sun | 1 Solaris | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. | |||||
| CVE-2001-0634 | 1 Sun | 1 Chilisoft | 2017-10-10 | 7.2 HIGH | N/A |
| Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service. | |||||
| CVE-1999-1142 | 1 Sun | 1 Sunos | 2017-10-10 | 7.2 HIGH | N/A |
| SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user. | |||||
| CVE-2001-1075 | 1 Sun | 1 Cobalt Raq 3i | 2017-10-10 | 5.0 MEDIUM | N/A |
| poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. | |||||
| CVE-1999-1258 | 1 Sun | 1 Sunos | 2017-10-10 | 5.0 MEDIUM | N/A |
| rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. | |||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2017-10-10 | 7.2 HIGH | N/A |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | |||||
| CVE-1999-1021 | 1 Sun | 1 Sunos | 2017-10-10 | 7.2 HIGH | N/A |
| NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. | |||||
| CVE-1999-1118 | 1 Sun | 1 Solaris | 2017-10-10 | 2.1 LOW | N/A |
| ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. | |||||
| CVE-1999-1507 | 1 Sun | 1 Sunos | 2017-10-10 | 7.2 HIGH | N/A |
| Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. | |||||
| CVE-2009-2135 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | |||||
| CVE-2009-1673 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD. | |||||
| CVE-2009-1671 | 1 Sun | 1 Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method. | |||||
| CVE-2009-1672 | 1 Sun | 1 Jre | 2017-09-29 | 9.3 HIGH | N/A |
| The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method. | |||||
| CVE-2009-0923 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server. | |||||
| CVE-2009-0913 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options. | |||||
| CVE-2009-0793 | 2 Littlecms, Sun | 2 Lcms, Openjdk | 2017-09-29 | 4.3 MEDIUM | N/A |
| cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | |||||
| CVE-2009-1207 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.4 MEDIUM | N/A |
| Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. | |||||
| CVE-2009-2029 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | |||||
| CVE-2009-0167 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." | |||||
| CVE-2009-0480 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. | |||||
| CVE-2009-0346 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection. | |||||
| CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." | |||||
| CVE-2009-0304 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c. | |||||
| CVE-2009-0268 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | |||||
| CVE-2009-0267 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. | |||||
| CVE-2009-0168 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files. | |||||
| CVE-2008-4131 | 1 Sun | 1 Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | |||||
| CVE-2008-4160 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. | |||||
| CVE-2008-5410 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||