Solaris
CVEs (499)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4796 | 0.00 | — | 0.00 | Dec 31, 2005 | Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. | |||
| CVE-2005-4133 | 0.00 | — | 0.00 | Dec 9, 2005 | Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files. | |||
| CVE-2005-3781 | 0.00 | — | 0.02 | Nov 23, 2005 | Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | |||
| CVE-2005-3674 | 0.00 | — | 0.05 | Nov 18, 2005 | The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to… | |||
| CVE-2005-3250 | 0.00 | — | 0.00 | Oct 17, 2005 | Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. | |||
| CVE-2005-3238 | 0.00 | — | 0.00 | Oct 14, 2005 | Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||
| CVE-2005-3099 | 0.00 | — | 0.00 | Sep 28, 2005 | Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. | |||
| CVE-2005-3071 | 0.00 | — | 0.00 | Sep 27, 2005 | Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. | |||
| CVE-2005-3001 | 0.00 | — | 0.00 | Sep 20, 2005 | Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2005-2870 | 0.00 | — | 0.03 | Sep 8, 2005 | Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | |||
| CVE-2005-2032 | 0.00 | — | 0.00 | Jun 16, 2005 | Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. | |||
| CVE-2005-1887 | 0.00 | — | 0.00 | Jun 9, 2005 | Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. | |||
| CVE-2005-1591 | 0.00 | — | 0.01 | May 16, 2005 | Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors. | |||
| CVE-2005-1518 | 0.00 | — | 0.00 | May 11, 2005 | Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500. | |||
| CVE-2005-1124 | 0.00 | — | 0.00 | May 2, 2005 | Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API. | |||
| CVE-2005-0816 | 0.00 | — | 0.00 | May 2, 2005 | Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | |||
| CVE-2005-0426 | 0.00 | — | 0.02 | May 2, 2005 | Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | |||
| CVE-2005-0248 | 0.00 | — | 0.01 | May 2, 2005 | The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | |||
| CVE-2005-0576 | 0.00 | — | 0.00 | May 2, 2005 | Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. | |||
| CVE-2004-0481 | 0.00 | — | 0.00 | Feb 23, 2005 | The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. |
- CVE-2005-4796Dec 31, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
- CVE-2005-4133Dec 9, 2005risk 0.00cvss —epss 0.00
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
- CVE-2005-3781Nov 23, 2005risk 0.00cvss —epss 0.02
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
- CVE-2005-3674Nov 18, 2005risk 0.00cvss —epss 0.05
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to…
- CVE-2005-3250Oct 17, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
- CVE-2005-3238Oct 14, 2005risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
- CVE-2005-3099Sep 28, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
- CVE-2005-3071Sep 27, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
- CVE-2005-3001Sep 20, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2005-2870Sep 8, 2005risk 0.00cvss —epss 0.03
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.
- CVE-2005-2032Jun 16, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
- CVE-2005-1887Jun 9, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.
- CVE-2005-1591May 16, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
- CVE-2005-1518May 11, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
- CVE-2005-1124May 2, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.
- CVE-2005-0816May 2, 2005risk 0.00cvss —epss 0.00
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
- CVE-2005-0426May 2, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.
- CVE-2005-0248May 2, 2005risk 0.00cvss —epss 0.01
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
- CVE-2005-0576May 2, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
- CVE-2004-0481Feb 23, 2005risk 0.00cvss —epss 0.00
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
Page 18 of 25