VYPR

Solaris

by Sun Corporation

CVEs (499)

  • CVE-2007-3069 (Jun 6, 2007)
    risk 0.00 | cvss | epss 0.00

    xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.

  • CVE-2007-2989 (Jun 1, 2007)
    risk 0.00 | cvss | epss 0.03

    The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue…

  • CVE-2007-2990 (Jun 1, 2007)
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.

  • CVE-2007-2882 (May 30, 2007)
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

  • CVE-2007-2529 (May 9, 2007)
    risk 0.00 | cvss | epss 0.00

    Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.

  • CVE-2007-2465 (May 2, 2007)
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath…

  • CVE-2007-1681 (Apr 19, 2007)
    risk 0.00 | cvss | epss 0.05

    Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a…

  • CVE-2007-2045 (Apr 16, 2007)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.

  • CVE-2007-1794 (Apr 2, 2007)
    risk 0.00 | cvss | epss 0.04

    The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to…

  • CVE-2006-7140 (Mar 7, 2007)
    risk 0.00 | cvss | epss 0.01

    The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents…

  • CVE-2006-7028 (Feb 23, 2007)
    risk 0.00 | cvss | epss 0.02

    Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it…

  • CVE-2007-0914 (Feb 14, 2007)
    risk 0.00 | cvss | epss 0.02

    Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

  • CVE-2007-0895 (Feb 13, 2007)
    risk 0.00 | cvss | epss 0.00

    Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which…

  • CVE-2007-0668 (Feb 2, 2007)
    risk 0.00 | cvss | epss 0.00

    The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.

  • CVE-2007-0503 (Jan 25, 2007)
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

  • CVE-2007-0470 (Jan 24, 2007)
    risk 0.00 | cvss | epss 0.00

    Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

  • CVE-2007-0393 (Jan 19, 2007)
    risk 0.00 | cvss | epss 0.00

    Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • CVE-2006-6494 (Dec 13, 2006)
    risk 0.00 | cvss | epss 0.00

    Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

  • CVE-2006-6495 (Dec 13, 2006)
    risk 0.00 | cvss | epss 0.00

    Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege…

  • CVE-2006-6275 (Dec 4, 2006)
    risk 0.00 | cvss | epss 0.00

    Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
