Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sun Subscribe
Filtered by product Solaris
Total 553 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2071 1 Sun 1 Solaris 2016-10-17 4.6 MEDIUM N/A
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
CVE-1999-1026 1 Sun 1 Solaris 2016-10-17 7.2 HIGH N/A
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
CVE-2005-3250 1 Sun 1 Solaris 2013-07-19 2.1 LOW N/A
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
CVE-2009-3100 2 Sun, X.org 3 Opensolaris, Solaris, X11 2011-12-20 4.0 MEDIUM N/A
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.
CVE-2009-0132 1 Sun 2 Opensolaris, Solaris 2011-03-07 4.9 MEDIUM N/A
Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument).
CVE-2008-0836 1 Sun 1 Solaris 2011-03-07 4.9 MEDIUM N/A
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
CVE-2007-4495 1 Sun 1 Solaris 2011-03-07 4.9 MEDIUM N/A
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
CVE-2007-3794 6 Hitachi, Hp, Ibm and 3 more 16 Cosminexus Application Server, Cosminexus Client, Cosminexus Developer and 13 more 2011-03-07 10.0 HIGH N/A
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
CVE-2006-5726 1 Sun 1 Solaris 2011-03-07 4.9 MEDIUM N/A
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
CVE-2005-4701 1 Sun 1 Solaris 2011-03-07 2.1 LOW N/A
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
CVE-2005-4706 1 Sun 1 Solaris 2011-03-07 2.1 LOW N/A
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.
CVE-2005-4133 1 Sun 1 Solaris 2011-03-07 2.1 LOW N/A
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
CVE-2005-3674 1 Sun 1 Solaris 2011-03-07 7.8 HIGH N/A
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-3001 1 Sun 1 Solaris 2011-03-07 2.1 LOW N/A
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2010-2594 7 Ibm, Intersect Alliance, Linux and 4 more 14 Aix, Snare Agent, Snare Epilog and 11 more 2010-07-02 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
CVE-2009-3164 1 Sun 2 Opensolaris, Solaris 2010-06-24 7.1 HIGH N/A
Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.
CVE-2009-2283 1 Sun 2 Java Web Console, Solaris 2010-06-13 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2314 1 Sun 2 Lightweight Availability Collection Tool, Solaris 2010-05-28 2.1 LOW N/A
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.
CVE-2009-4774 1 Sun 2 Opensolaris, Solaris 2010-04-21 4.0 MEDIUM N/A
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.
CVE-2010-0444 2 Hp, Sun 2 Operations Agent, Solaris 2010-02-12 10.0 HIGH N/A
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.