Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2072 | 1 Sun | 1 Jre | 2025-04-03 | 5.0 MEDIUM | N/A |
|
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
|
|||||
| CVE-1999-0057 | 5 Eric Allman, Freebsd, Hp and 2 more | 7 Vacation, Freebsd, Hp-ux and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Vacation program allows command execution by remote users through a sendmail command.
|
|||||
| CVE-2005-1518 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
|
|||||
| CVE-2001-1306 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
|
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2004-1394 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
|
|||||
| CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2025-04-03 | 7.2 HIGH | N/A |
|
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
|
|||||
| CVE-1999-0217 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.
|
|||||
| CVE-2005-4045 | 1 Sun | 1 Java Communications Services Delegated Administrator | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.
|
|||||
| CVE-1999-1123 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
|
|||||
| CVE-2003-1080 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 1.2 LOW | N/A |
|
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
|
|||||
| CVE-2005-2072 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
|
|||||
| CVE-2006-3664 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
|
|||||
| CVE-2003-1060 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
|
|||||
| CVE-2000-0696 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | 7.5 HIGH | N/A |
|
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
|
|||||
| CVE-2002-0058 | 2 Microsoft, Sun | 4 Virtual Machine, Jdk, Jre and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
|
|||||
| CVE-2006-0531 | 1 Sun | 1 Java System Access Manager | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
|
|||||
| CVE-2001-0426 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
|
|||||
| CVE-1999-1424 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
|
|||||
| CVE-2001-1414 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
|
|||||
| CVE-1999-0003 | 5 Hp, Ibm, Sgi and 2 more | 6 Hp-ux, Aix, Irix and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
|
|||||
| CVE-2002-0033 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
|
|||||
| CVE-2004-2686 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
|
|||||
| CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2025-04-03 | 10.0 HIGH | N/A |
|
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
|
|||||
| CVE-1999-1197 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
|
|||||
| CVE-2006-3225 | 1 Sun | 2 Java System Application Server, One Application Server | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
|
|||||
| CVE-2004-1350 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
|
|||||
| CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
|
|||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
|
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
|
|||||
| CVE-1999-0417 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
64 bit Solaris 7 procfs allows local users to perform a denial of service.
|
|||||
| CVE-2003-1068 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
|
|||||
| CVE-1999-0321 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
|
|||||
| CVE-2004-0651 | 1 Sun | 2 Jre, Sdk | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
|
|||||
| CVE-2004-0701 | 1 Sun | 1 Ray Server Software | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
|
|||||
| CVE-2004-1358 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
|
|||||
| CVE-2006-3825 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
|
|||||
| CVE-2006-0647 | 1 Sun | 1 Java System Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
|
|||||
| CVE-1999-1158 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.
|
|||||
| CVE-2002-1763 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
|
|||||
| CVE-2001-0353 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
|
|||||
| CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow of rlogin program using TERM environmental variable.
|
|||||