Solaris
CVEs (498)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1767 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. |
| CVE-2004-1393 | | | 0.00 | — | 0.03 | | Dec 31, 2004 | Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang). |
| CVE-2004-2306 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection. |
| CVE-2004-1394 | | | 0.00 | — | 0.00 | | Dec 31, 2004 | The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges. |
| CVE-2004-0780 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument. |
| CVE-2004-1351 | | | 0.00 | — | 0.06 | | Dec 7, 2004 | Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code. |
| CVE-2004-0496 | | | 0.00 | — | 0.00 | | Dec 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. |
| CVE-2004-1352 | | | 0.00 | — | 0.01 | | Dec 1, 2004 | Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code. |
| CVE-2004-1353 | | | 0.00 | — | 0.00 | | Oct 19, 2004 | Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. |
| CVE-2004-1348 | | | 0.00 | — | 0.02 | | Sep 6, 2004 | Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash). |
| CVE-2004-0800 | | | 0.00 | — | 0.00 | | Aug 24, 2004 | Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value. |
| CVE-2004-0653 | | | 0.00 | — | 0.00 | | Aug 6, 2004 | Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. |
| CVE-2004-0654 | | | 0.00 | — | 0.00 | | Aug 6, 2004 | Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic). |
| CVE-2004-1346 | | | 0.00 | — | 0.00 | | Jun 19, 2004 | The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM. |
| CVE-2004-1354 | | | 0.00 | — | 0.04 | | May 14, 2004 | The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a… |
| CVE-2004-1355 | | | 0.00 | — | 0.00 | | Apr 26, 2004 | Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
| CVE-2004-1356 | | | 0.00 | — | 0.00 | | Apr 23, 2004 | Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
| CVE-2004-1942 | | | 0.00 | — | 0.01 | | Apr 19, 2004 | The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as… |
| CVE-2004-1357 | | | 0.00 | — | 0.03 | | Apr 7, 2004 | The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. |
| CVE-2004-1358 | | | 0.00 | — | 0.01 | | Mar 12, 2004 | The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. |