| CVE-2002-0391 | Critical | 0.64 | 9.8 | 0.08 | | Aug 12, 2002 | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| CVE-1999-0069 | High | 0.58 | 8.4 | 0.01 | | Apr 29, 1998 | Solaris ufsrestore buffer overflow. |
| CVE-1999-0038 | High | 0.58 | 8.4 | 0.00 | | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. |
| CVE-1999-0022 | High | 0.51 | 7.8 | 0.00 | | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| CVE-1999-0011 | Medium | 0.36 | 5.4 | 0.11 | | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| CVE-2012-0217 | | 0.10 | — | 0.88 | | Jun 12, 2012 | The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. |
| CVE-2007-0882 | | 0.10 | — | 0.91 | | Feb 12, 2007 | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. |
| CVE-2004-0790 | | 0.10 | — | 0.85 | | Apr 12, 2005 | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
| CVE-2003-0201 | | 0.10 | — | 0.84 | | May 5, 2003 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| CVE-2001-0797 | | 0.10 | — | 0.89 | | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| CVE-1999-0003 | | 0.10 | — | 0.91 | | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| CVE-1999-0517 | | 0.10 | — | 0.92 | | Jan 1, 1997 | An SNMP community name is the default (e.g. public), null, or missing. |
| CVE-2005-4797 | | 0.09 | — | 0.73 | | Dec 31, 2005 | Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. |
| CVE-2003-0694 | | 0.09 | — | 0.76 | | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| CVE-2003-0027 | | 0.09 | — | 0.72 | | Feb 7, 2003 | Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. |
| CVE-2001-0779 | | 0.09 | — | 0.74 | | Oct 18, 2001 | Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. |
| CVE-2001-0236 | | 0.09 | — | 0.70 | | May 3, 2001 | Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. |
| CVE-1999-0009 | | 0.09 | — | 0.80 | | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| CVE-1999-0016 | | 0.09 | — | 0.81 | | Dec 1, 1997 | Land IP denial of service. |
| CVE-2003-0161 | | 0.08 | — | 0.68 | | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. |