Solaris
CVEs (499)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2710 | 0.00 | — | 0.01 | Jun 16, 2008 | Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL… | |||
| CVE-2008-2706 | 0.00 | — | 0.00 | Jun 16, 2008 | Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | |||
| CVE-2008-2707 | 0.00 | — | 0.02 | Jun 16, 2008 | Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | |||
| CVE-2008-2552 | 0.00 | — | 0.00 | Jun 5, 2008 | Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors. | |||
| CVE-2008-2538 | 0.00 | — | 0.00 | Jun 3, 2008 | Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | |||
| CVE-2008-2418 | 0.00 | — | 0.00 | May 23, 2008 | Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2008-2121 | 0.00 | — | 0.02 | May 9, 2008 | The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | |||
| CVE-2008-2089 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||
| CVE-2008-2090 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||
| CVE-2008-1779 | 0.00 | — | 0.02 | Apr 14, 2008 | Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. | |||
| CVE-2008-1778 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. | |||
| CVE-2008-1780 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | |||
| CVE-2008-1684 | 0.00 | — | 0.00 | Apr 6, 2008 | inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||
| CVE-2008-1369 | 0.00 | — | 0.03 | Mar 18, 2008 | A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2008-1356 | 0.00 | — | 0.00 | Mar 17, 2008 | Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | |||
| CVE-2008-1317 | 0.00 | — | 0.00 | Mar 13, 2008 | Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues. | |||
| CVE-2008-1205 | 0.00 | — | 0.00 | Mar 8, 2008 | Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors. | |||
| CVE-2008-1115 | 0.00 | — | 0.00 | Mar 3, 2008 | Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||
| CVE-2008-1095 | 0.00 | — | 0.02 | Feb 29, 2008 | Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. | |||
| CVE-2008-0938 | 0.00 | — | 0.00 | Feb 25, 2008 | Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. |
- CVE-2008-2710Jun 16, 2008risk 0.00cvss —epss 0.01
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL…
- CVE-2008-2706Jun 16, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
- CVE-2008-2707Jun 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
- CVE-2008-2552Jun 5, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
- CVE-2008-2538Jun 3, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
- CVE-2008-2418May 23, 2008risk 0.00cvss —epss 0.00
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2008-2121May 9, 2008risk 0.00cvss —epss 0.02
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.
- CVE-2008-2089May 6, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
- CVE-2008-2090May 6, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
- CVE-2008-1779Apr 14, 2008risk 0.00cvss —epss 0.02
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
- CVE-2008-1778Apr 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
- CVE-2008-1780Apr 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
- CVE-2008-1684Apr 6, 2008risk 0.00cvss —epss 0.00
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
- CVE-2008-1369Mar 18, 2008risk 0.00cvss —epss 0.03
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
- CVE-2008-1356Mar 17, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
- CVE-2008-1317Mar 13, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.
- CVE-2008-1205Mar 8, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.
- CVE-2008-1115Mar 3, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
- CVE-2008-1095Feb 29, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
- CVE-2008-0938Feb 25, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
Page 12 of 25