VYPR

Solaris

by Sun Corporation

CVEs (497)

  • CVE-1999-0875 | Aug 11, 1999
    risk 0.04 | cvss | epss 0.18

    DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

  • CVE-1999-0696 | Jul 1, 1999
    risk 0.04 | cvss | epss 0.12

    Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

  • CVE-1999-0009 | Apr 8, 1998
    risk 0.04 | cvss | epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-1999-0018 | Dec 5, 1997
    risk 0.04 | cvss | epss 0.10

    Buffer overflow in statd allows root privileges.

  • CVE-2010-1183 | Mar 29, 2010
    risk 0.03 | cvss | epss 0.00

    Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

  • CVE-2010-0453 | Feb 3, 2010
    risk 0.03 | cvss | epss 0.01

    The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers…

  • CVE-2009-1478 | Apr 29, 2009
    risk 0.03 | cvss | epss 0.01

    Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.

  • CVE-2008-5689 | Dec 19, 2008
    risk 0.03 | cvss | epss 0.01

    tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

  • CVE-2008-5010 | Nov 10, 2008
    risk 0.03 | cvss | epss 0.05

    in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

  • CVE-2008-4131 | Sep 19, 2008
    risk 0.03 | cvss | epss 0.01

    Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.

  • CVE-2008-1480 | Mar 24, 2008
    risk 0.03 | cvss | epss 0.06

    rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.

  • CVE-2007-5225 | Oct 5, 2007
    risk 0.03 | cvss | epss 0.01

    Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.

  • CVE-2006-5726 | Nov 6, 2006
    risk 0.03 | cvss | epss 0.01

    alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.

  • CVE-2006-4655 | Sep 9, 2006
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

  • CVE-2006-3824 | Jul 25, 2006
    risk 0.03 | cvss | epss 0.01

    systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more…

  • CVE-2006-0745 | Mar 21, 2006
    risk 0.03 | cvss | epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2005-2072 | Jun 29, 2005
    risk 0.03 | cvss | epss 0.01

    The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

  • CVE-2005-2071 | Jun 29, 2005
    risk 0.03 | cvss | epss 0.01

    traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).

  • CVE-2004-2686 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.01

    Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient…

  • CVE-2004-0360 | Nov 23, 2004
    risk 0.03 | cvss | epss 0.01

    Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
