Sunos
CVEs (563)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1980 | 0.00 | — | 0.00 | Dec 31, 2002 | Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors. | |||
| CVE-2002-2197 | 0.00 | — | 0.00 | Dec 31, 2002 | Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference. | |||
| CVE-2002-1584 | 0.00 | — | 0.06 | Dec 27, 2002 | Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges. | |||
| CVE-2002-1296 | 0.00 | — | 0.01 | Dec 23, 2002 | Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module. | |||
| CVE-2002-1345 | 0.00 | — | 0.03 | Dec 23, 2002 | Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. | |||
| CVE-2002-1323 | 0.00 | — | 0.00 | Dec 11, 2002 | Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. | |||
| CVE-2002-1587 | 0.00 | — | 0.00 | Dec 4, 2002 | The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex. | |||
| CVE-2002-1586 | 0.00 | — | 0.00 | Dec 3, 2002 | Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. | |||
| CVE-2002-1585 | 0.00 | — | 0.02 | Nov 8, 2002 | Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic. | |||
| CVE-2002-1590 | 0.00 | — | 0.00 | Oct 29, 2002 | The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges… | |||
| CVE-2002-1228 | 0.00 | — | 0.02 | Oct 28, 2002 | Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon. | |||
| CVE-2002-1199 | 0.00 | — | 0.02 | Oct 28, 2002 | The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. | |||
| CVE-2002-1589 | 0.00 | — | 0.00 | Oct 24, 2002 | Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic). | |||
| CVE-2002-0885 | 0.00 | — | 0.03 | Oct 4, 2002 | Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error. | |||
| CVE-2002-0884 | 0.00 | — | 0.03 | Oct 4, 2002 | Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and… | |||
| CVE-2002-0797 | 0.00 | — | 0.03 | Aug 12, 2002 | Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | |||
| CVE-2002-0796 | 0.00 | — | 0.04 | Aug 12, 2002 | Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | |||
| CVE-2002-0089 | 0.00 | — | 0.00 | Mar 15, 2002 | Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file. | |||
| CVE-2002-0085 | 0.00 | — | 0.02 | Mar 15, 2002 | cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request. | |||
| CVE-2002-0088 | 0.00 | — | 0.00 | Mar 15, 2002 | Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. |
- CVE-2002-1980Dec 31, 2002risk 0.00cvss —epss 0.00
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
- CVE-2002-2197Dec 31, 2002risk 0.00cvss —epss 0.00
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.
- CVE-2002-1584Dec 27, 2002risk 0.00cvss —epss 0.06
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
- CVE-2002-1296Dec 23, 2002risk 0.00cvss —epss 0.01
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
- CVE-2002-1345Dec 23, 2002risk 0.00cvss —epss 0.03
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
- CVE-2002-1323Dec 11, 2002risk 0.00cvss —epss 0.00
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
- CVE-2002-1587Dec 4, 2002risk 0.00cvss —epss 0.00
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
- CVE-2002-1586Dec 3, 2002risk 0.00cvss —epss 0.00
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
- CVE-2002-1585Nov 8, 2002risk 0.00cvss —epss 0.02
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
- CVE-2002-1590Oct 29, 2002risk 0.00cvss —epss 0.00
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges…
- CVE-2002-1228Oct 28, 2002risk 0.00cvss —epss 0.02
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
- CVE-2002-1199Oct 28, 2002risk 0.00cvss —epss 0.02
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
- CVE-2002-1589Oct 24, 2002risk 0.00cvss —epss 0.00
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
- CVE-2002-0885Oct 4, 2002risk 0.00cvss —epss 0.03
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
- CVE-2002-0884Oct 4, 2002risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and…
- CVE-2002-0797Aug 12, 2002risk 0.00cvss —epss 0.03
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
- CVE-2002-0796Aug 12, 2002risk 0.00cvss —epss 0.04
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
- CVE-2002-0089Mar 15, 2002risk 0.00cvss —epss 0.00
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
- CVE-2002-0085Mar 15, 2002risk 0.00cvss —epss 0.02
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
- CVE-2002-0088Mar 15, 2002risk 0.00cvss —epss 0.00
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
Page 23 of 29