Solaris
CVEs (497)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0502 | 0.07 | — | 0.52 | Mar 1, 1998 | A Unix account has a default, null, blank, or missing password. | |||
| CVE-2003-0161 | 0.06 | — | 0.38 | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control… | |||
| CVE-2001-0554 | 0.06 | — | 0.38 | Aug 14, 2001 | Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | |||
| CVE-2005-4797 | 0.05 | — | 0.29 | Dec 31, 2005 | Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. | |||
| CVE-2004-0791 | 0.05 | — | 0.20 | Apr 12, 2005 | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790,… | |||
| CVE-2003-0027 | 0.05 | — | 0.26 | Feb 7, 2003 | Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. | |||
| CVE-2002-1317 | 0.05 | — | 0.24 | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | |||
| CVE-2002-0033 | 0.05 | — | 0.23 | May 29, 2002 | Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. | |||
| CVE-1999-0003 | 0.05 | — | 0.24 | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). | |||
| CVE-2009-0304 | 0.04 | — | 0.10 | Jan 27, 2009 | The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c. | |||
| CVE-2008-4619 | 0.04 | — | 0.12 | Oct 21, 2008 | The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of… | |||
| CVE-2008-0964 | 0.04 | — | 0.14 | Aug 8, 2008 | Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet. | |||
| CVE-2007-0634 | 0.04 | — | 0.09 | Jan 31, 2007 | Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. | |||
| CVE-2007-0165 | 0.04 | — | 0.09 | Jan 10, 2007 | Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | |||
| CVE-2006-4842 | 0.04 | — | 0.08 | Oct 12, 2006 | The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||
| CVE-2005-3398 | 0.04 | — | 0.13 | Nov 1, 2005 | The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. | |||
| CVE-2002-0436 | 0.04 | — | 0.12 | Jul 26, 2002 | sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter. | |||
| CVE-2000-0844 | 0.04 | — | 0.15 | Nov 14, 2000 | Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||
| CVE-1999-0977 | 0.04 | — | 0.13 | Dec 10, 1999 | Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. | |||
| CVE-1999-0848 | 0.04 | — | 0.06 | Nov 10, 1999 | Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
- CVE-1999-0502Mar 1, 1998risk 0.07cvss —epss 0.52
A Unix account has a default, null, blank, or missing password.
- CVE-2003-0161Apr 2, 2003risk 0.06cvss —epss 0.38
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control…
- CVE-2001-0554Aug 14, 2001risk 0.06cvss —epss 0.38
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
- CVE-2005-4797Dec 31, 2005risk 0.05cvss —epss 0.29
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
- CVE-2004-0791Apr 12, 2005risk 0.05cvss —epss 0.20
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790,…
- CVE-2003-0027Feb 7, 2003risk 0.05cvss —epss 0.26
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
- CVE-2002-1317Dec 11, 2002risk 0.05cvss —epss 0.24
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
- CVE-2002-0033May 29, 2002risk 0.05cvss —epss 0.23
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
- CVE-1999-0003Apr 1, 1998risk 0.05cvss —epss 0.24
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
- CVE-2009-0304Jan 27, 2009risk 0.04cvss —epss 0.10
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
- CVE-2008-4619Oct 21, 2008risk 0.04cvss —epss 0.12
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of…
- CVE-2008-0964Aug 8, 2008risk 0.04cvss —epss 0.14
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
- CVE-2007-0634Jan 31, 2007risk 0.04cvss —epss 0.09
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
- CVE-2007-0165Jan 10, 2007risk 0.04cvss —epss 0.09
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
- CVE-2006-4842Oct 12, 2006risk 0.04cvss —epss 0.08
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
- CVE-2005-3398Nov 1, 2005risk 0.04cvss —epss 0.13
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
- CVE-2002-0436Jul 26, 2002risk 0.04cvss —epss 0.12
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
- CVE-2000-0844Nov 14, 2000risk 0.04cvss —epss 0.15
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
- CVE-1999-0977Dec 10, 1999risk 0.04cvss —epss 0.13
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
- CVE-1999-0848Nov 10, 1999risk 0.04cvss —epss 0.06
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
Page 2 of 25