Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1601 | 1 Sun | 1 Cluster | 2025-04-03 | 1.7 LOW | N/A |
|
Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.
|
|||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
|
|||||
| CVE-2001-0059 | 1 Sun | 1 Sunos | 2025-04-03 | 6.2 MEDIUM | N/A |
|
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2002-0885 | 2 Caldera, Sun | 3 Openunix, Unixware, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
|
|||||
| CVE-1999-1580 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
|
|||||
| CVE-2002-0994 | 1 Sun | 1 Sun Pci Ii Driver | 2025-04-03 | 7.5 HIGH | N/A |
|
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
|
|||||
| CVE-2006-3920 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
|
|||||
| CVE-1999-0143 | 3 Mit, Process Software, Sun | 4 Kerberos, Kerberos 5, Multinet and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
|
|||||
| CVE-2001-1479 | 1 Sun | 1 Management\+center | 2025-04-03 | 2.1 LOW | N/A |
|
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
|
|||||
| CVE-2005-3269 | 1 Sun | 4 Java System Directory Proxy Server, Java System Directory Server, One Administration Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
|
|||||
| CVE-2003-0914 | 9 Compaq, Freebsd, Hp and 6 more | 10 Tru64, Freebsd, Hp-ux and 7 more | 2025-04-03 | 4.3 MEDIUM | N/A |
|
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
|
|||||
| CVE-1999-0139 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
|
|||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-1999-1080 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
|
|||||
| CVE-2004-1356 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
|
|||||
| CVE-2003-1078 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
|
|||||
| CVE-2000-0055 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
|
|||||
| CVE-2000-0317 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
|
|||||
| CVE-1999-1388 | 1 Sun | 1 Sunos | 2025-04-03 | 6.2 MEDIUM | N/A |
|
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
|
|||||
| CVE-1999-0973 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
|
|||||
| CVE-2004-2393 | 1 Sun | 1 Jsse | 2025-04-03 | 7.5 HIGH | N/A |
|
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
|
|||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
|
|||||
| CVE-2003-1076 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
|
|||||
| CVE-2002-0088 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
|
|||||
| CVE-2005-0816 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
|
|||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
|
|||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
|
|||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
|
|||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
|
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
|
|||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
|
|||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
|
|||||