Total
553 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1576 | 1 Sun | 3 Change Manager, Management Center, Solaris | 2010-01-30 | 10.0 HIGH | N/A |
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2010-01-30 | 4.6 MEDIUM | N/A |
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | |||||
CVE-2004-2766 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2010-01-30 | 4.3 MEDIUM | N/A |
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||
CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2010-01-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||
CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2009-12-31 | 9.3 HIGH | N/A |
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | |||||
CVE-2009-4314 | 1 Sun | 2 Ray Server Software, Solaris | 2009-12-14 | 4.4 MEDIUM | N/A |
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | |||||
CVE-2009-4187 | 1 Sun | 2 Java System Portal Server, Solaris | 2009-12-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3706 | 1 Sun | 2 Opensolaris, Solaris | 2009-10-16 | 4.4 MEDIUM | N/A |
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. | |||||
CVE-2009-3390 | 1 Sun | 2 Opensolaris, Solaris | 2009-09-24 | 7.2 HIGH | N/A |
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library. | |||||
CVE-2009-2136 | 1 Sun | 2 Opensolaris, Solaris | 2009-09-16 | 7.8 HIGH | N/A |
Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. | |||||
CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2009-09-08 | 4.9 MEDIUM | N/A |
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | |||||
CVE-2009-3000 | 1 Sun | 2 Opensolaris, Solaris | 2009-08-30 | 7.1 HIGH | N/A |
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling." | |||||
CVE-2009-2856 | 1 Sun | 2 Solaris, Virtual Desktop Infrastructure | 2009-08-21 | 3.5 LOW | N/A |
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. | |||||
CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2009-08-10 | 2.1 LOW | N/A |
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
CVE-2009-2596 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-27 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. | |||||
CVE-2009-2430 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-22 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors. | |||||
CVE-2009-2297 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-14 | 7.1 HIGH | N/A |
Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches. | |||||
CVE-2009-2137 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-01 | 7.8 HIGH | N/A |
Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value. | |||||
CVE-2009-2282 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-01 | 4.6 MEDIUM | N/A |
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. | |||||
CVE-2009-2187 | 1 Sun | 2 Opensolaris, Solaris | 2009-06-24 | 4.9 MEDIUM | N/A |
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages. |