Filtered by vendor Sun
Total: 1718 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0436 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter. | |||||
| CVE-2011-2429 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." | |||||
| CVE-1999-0859 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. | |||||
| CVE-2005-3398 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.3 MEDIUM | N/A |
| The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. | |||||
| CVE-2005-3071 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. | |||||
| CVE-1999-0212 | 1 Sun | 1 Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. | |||||
| CVE-2008-3426 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. | |||||
| CVE-2009-0873 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2018-10-30 | 6.8 MEDIUM | N/A |
| The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other." | |||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2005-2072 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | |||||
| CVE-2008-2121 | 1 Sun | 1 Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | |||||
| CVE-2001-0470 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name. | |||||
| CVE-2008-2144 | 1 Sun | 1 Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors. | |||||
| CVE-2001-0421 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 6.4 MEDIUM | N/A |
| FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. | |||||
| CVE-2001-0403 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. | |||||
| CVE-1999-0806 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris dtprintinfo program. | |||||
| CVE-2005-0426 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | |||||
| CVE-2001-0269 | 1 Sun | 1 Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. | |||||
| CVE-2005-0248 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.5 HIGH | N/A |
| The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | |||||
| CVE-1999-0211 | 1 Sun | 1 Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone. | |||||
| CVE-2009-0344 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717. | |||||
| CVE-2001-0095 | 1 Sun | 1 Sunos | 2018-10-30 | 1.2 LOW | N/A |
| catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. | |||||
| CVE-2009-3868 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | |||||
| CVE-2004-1394 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.6 MEDIUM | N/A |
| The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges. | |||||
| CVE-2004-1353 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. | |||||
| CVE-2009-3871 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | |||||
| CVE-2004-1349 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | |||||
| CVE-2004-1348 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash). | |||||
| CVE-2004-1180 | 3 Debian, Mandrakesoft, Sun | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2009-0345 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717. | |||||
| CVE-2009-3874 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | |||||
| CVE-2007-5921 | 1 Sun | 1 Sunos | 2018-10-30 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346. | |||||
| CVE-2004-0800 | 2 Avaya, Sun | 4 Call Management System Server, Dtmail, Solaris and 1 more | 2018-10-30 | 4.6 MEDIUM | N/A |
| Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value. | |||||
| CVE-2004-0651 | 1 Sun | 2 Jre, Sdk | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). | |||||
| CVE-2008-5550 | 1 Sun | 3 Java Web Console, Solaris, Sunos | 2018-10-30 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. | |||||
| CVE-2004-0360 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2007-6482 | 2 Linux, Sun | 4 Linux Kernel, Ray Server Software, Solaris and 1 more | 2018-10-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2009-3872 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. | |||||
| CVE-2007-6216 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.7 MEDIUM | N/A |
| Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | |||||
| CVE-2007-5422 | 1 Sun | 1 Sunos | 2018-10-30 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2003-1563 | 1 Sun | 3 Cluster, Solaris, Sunos | 2018-10-30 | 4.0 MEDIUM | N/A |
| Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration. | |||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2018-10-30 | 2.1 LOW | N/A |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | |||||
| CVE-2004-1356 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. | |||||
| CVE-2004-1355 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. | |||||
| CVE-2009-3867 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | |||||
| CVE-2004-1354 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | |||||
| CVE-2007-3717 | 1 Sun | 1 Sunos | 2018-10-30 | 6.9 MEDIUM | N/A |
| rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | |||||
| CVE-2009-3873 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2018-10-30 | 9.3 HIGH | N/A |
| The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | |||||
| CVE-2008-2946 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.8 HIGH | N/A |
| The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. | |||||
| CVE-1999-0517 | 2 Hp, Sun | 2 Hp-ux, Sunos | 2018-10-30 | 7.5 HIGH | N/A |
| An SNMP community name is the default (e.g. public), null, or missing. | |||||
