Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2025-04-09 | 7.6 HIGH | N/A |
|
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
|
|||||
| CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
|
|||||
| CVE-2003-1572 | 1 Sun | 1 Jmf | 2025-04-09 | 9.3 HIGH | N/A |
|
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
|
|||||
| CVE-2007-2466 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
|
|||||
| CVE-2007-3716 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
|
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
|
|||||
| CVE-2007-4495 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
|
|||||
| CVE-2008-1193 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
|
|||||
| CVE-2009-0267 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.0 MEDIUM | N/A |
|
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
|
|||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2025-04-09 | 5.8 MEDIUM | N/A |
|
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
|
|||||
| CVE-2008-4556 | 1 Sun | 1 Solaris | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
|
|||||
| CVE-2009-3871 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
|
|||||
| CVE-2009-3884 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
|
|||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2025-04-09 | 4.0 MEDIUM | N/A |
|
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.
|
|||||
| CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2025-04-09 | 4.4 MEDIUM | N/A |
|
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
|
|||||
| CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2025-04-09 | 3.6 LOW | N/A |
|
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
|
|||||
| CVE-2008-3549 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
|
|||||
| CVE-2006-5652 | 1 Sun | 1 Iplanet Messaging Server Messenger Express | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
|
|||||
| CVE-2008-1190 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.
|
|||||
| CVE-2008-3109 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
|
|||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
|
|||||
| CVE-2009-1102 | 1 Sun | 1 Java | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
|
|||||
| CVE-2008-0242 | 1 Sun | 1 Solaris | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
|
|||||
| CVE-2008-3839 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
|
|||||
| CVE-2009-0857 | 1 Sun | 2 Management Center, Solaris | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console.
|
|||||
| CVE-2008-3548 | 1 Sun | 1 Netra T5220 Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.
|
|||||
| CVE-2009-0167 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."
|
|||||
| CVE-2008-3113 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
|
|||||
| CVE-2006-5013 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
|
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
|
|||||
| CVE-2008-6192 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2008-4619 | 1 Sun | 1 Sunos | 2025-04-09 | 10.0 HIGH | N/A |
|
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
|
|||||
| CVE-2007-3655 | 1 Sun | 1 Jre | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
|
|||||
| CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
|
|||||
| CVE-2007-2881 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
|
|||||
| CVE-2008-1186 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."
|
|||||
| CVE-2008-4747 | 1 Sun | 2 Java Access Manager, Java System Ldap Jdk | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
|
|||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
|
|||||
| CVE-2008-1115 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
|
|||||
| CVE-2009-1170 | 1 Sun | 1 Opensolaris | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process.
|
|||||
| CVE-2009-2135 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.
|
|||||
| CVE-2008-5352 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
|
|||||