Solaris
CVEs (497)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1073 | 0.03 | — | 0.01 | Dec 31, 2003 | A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the… | |||
| CVE-2003-0609 | 0.03 | — | 0.04 | Aug 27, 2003 | Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. | |||
| CVE-2003-1055 | 0.03 | — | 0.01 | Jul 3, 2003 | Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup. | |||
| CVE-2003-1071 | 0.03 | — | 0.01 | Jan 3, 2003 | rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. | |||
| CVE-2002-0572 | 0.03 | — | 0.02 | Jul 3, 2002 | FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid… | |||
| CVE-2002-0158 | 0.03 | — | 0.01 | Apr 2, 2002 | Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | |||
| CVE-2001-1582 | 0.03 | — | 0.01 | Dec 31, 2001 | Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. | |||
| CVE-2001-0565 | 0.03 | — | 0.01 | Aug 14, 2001 | Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. | |||
| CVE-2001-0548 | 0.03 | — | 0.01 | Aug 14, 2001 | Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. | |||
| CVE-2001-0526 | 0.03 | — | 0.01 | Aug 14, 2001 | Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable. | |||
| CVE-2001-0594 | 0.03 | — | 0.01 | Aug 2, 2001 | kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. | |||
| CVE-2001-1076 | 0.03 | — | 0.01 | Jul 5, 2001 | Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. | |||
| CVE-2001-0422 | 0.03 | — | 0.01 | Jul 2, 2001 | Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. | |||
| CVE-2001-0423 | 0.03 | — | 0.01 | Jul 2, 2001 | Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. | |||
| CVE-2001-0426 | 0.03 | — | 0.01 | Jul 2, 2001 | Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. | |||
| CVE-2001-0421 | 0.03 | — | 0.06 | Jul 2, 2001 | FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive… | |||
| CVE-2001-0401 | 0.03 | — | 0.01 | Jun 18, 2001 | Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. | |||
| CVE-2001-0403 | 0.03 | — | 0.01 | Jun 18, 2001 | /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. | |||
| CVE-2001-0165 | 0.03 | — | 0.01 | May 3, 2001 | Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument. | |||
| CVE-2001-0115 | 0.03 | — | 0.01 | Mar 12, 2001 | Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. |
- CVE-2003-1073Dec 31, 2003risk 0.03cvss —epss 0.01
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the…
- CVE-2003-0609Aug 27, 2003risk 0.03cvss —epss 0.04
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
- CVE-2003-1055Jul 3, 2003risk 0.03cvss —epss 0.01
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
- CVE-2003-1071Jan 3, 2003risk 0.03cvss —epss 0.01
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
- CVE-2002-0572Jul 3, 2002risk 0.03cvss —epss 0.02
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid…
- CVE-2002-0158Apr 2, 2002risk 0.03cvss —epss 0.01
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
- CVE-2001-1582Dec 31, 2001risk 0.03cvss —epss 0.01
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
- CVE-2001-0565Aug 14, 2001risk 0.03cvss —epss 0.01
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
- CVE-2001-0548Aug 14, 2001risk 0.03cvss —epss 0.01
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
- CVE-2001-0526Aug 14, 2001risk 0.03cvss —epss 0.01
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
- CVE-2001-0594Aug 2, 2001risk 0.03cvss —epss 0.01
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
- CVE-2001-1076Jul 5, 2001risk 0.03cvss —epss 0.01
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
- CVE-2001-0422Jul 2, 2001risk 0.03cvss —epss 0.01
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
- CVE-2001-0423Jul 2, 2001risk 0.03cvss —epss 0.01
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
- CVE-2001-0426Jul 2, 2001risk 0.03cvss —epss 0.01
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
- CVE-2001-0421Jul 2, 2001risk 0.03cvss —epss 0.06
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive…
- CVE-2001-0401Jun 18, 2001risk 0.03cvss —epss 0.01
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
- CVE-2001-0403Jun 18, 2001risk 0.03cvss —epss 0.01
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
- CVE-2001-0165May 3, 2001risk 0.03cvss —epss 0.01
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
- CVE-2001-0115Mar 12, 2001risk 0.03cvss —epss 0.01
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
Page 4 of 25