VYPR

Vendor CVEs

Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-2013-2465 · Cri · KEV · Jun 18, 2013
    risk 0.93 · cvss 9.8 · epss 0.99

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown…

  • CVE-2012-4681 · Cri · KEV · Aug 28, 2012
    risk 0.93 · cvss 9.8 · epss 0.99

    Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findCla…

  • CVE-2012-0507 · Cri · KEV · Jun 7, 2012
    risk 0.93 · cvss 9.8 · epss 0.98

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

  • CVE-2012-5076 · Cri · KEV · Oct 16, 2012
    risk 0.86 · cvss 9.8 · epss 0.91

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.

  • CVE-2015-2590 · Cri · KEV · Jul 16, 2015
    risk 0.78 · cvss 9.8 · epss 0.26

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

  • CVE-2008-3431 · Hig · KEV · Aug 5, 2008
    risk 0.73 · cvss 8.8 · epss 0.07

    The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the…

  • CVE-2003-0466 · Cri · Aug 27, 2003
    risk 0.73 · cvss 9.8 · epss 0.78

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…

  • CVE-2002-0391 · Cri · Aug 12, 2002
    risk 0.68 · cvss 9.8 · epss 0.58

    Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as…

  • CVE-1999-1588 · Cri · Dec 31, 1999
    risk 0.67 · cvss 9.8 · epss 0.10

    Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

  • CVE-2001-0249 · Cri · Jun 18, 2001
    risk 0.65 · cvss 9.8 · epss 0.20

    Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

  • CVE-2017-3241 · Cri · Jan 27, 2017
    risk 0.64 · cvss 9.0 · epss 0.33

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows…

  • CVE-2016-1291 · Cri · Apr 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

  • CVE-2016-1329 · Cri · Mar 3, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…

  • CVE-2015-6319 · Cri · Jan 27, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

  • CVE-2017-3289 · Cri · Jan 27, 2017
    risk 0.63 · cvss 9.6 · epss 0.02

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2017-3272 · Cri · Jan 27, 2017
    risk 0.63 · cvss 9.6 · epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2016-3610 · Cri · Jul 21, 2016
    risk 0.63 · cvss 9.6 · epss 0.06

    Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

  • CVE-2016-3606 · Cri · Jul 21, 2016
    risk 0.63 · cvss 9.6 · epss 0.04

    Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

  • CVE-2016-3587 · Cri · Jul 21, 2016
    risk 0.63 · cvss 9.6 · epss 0.06

    Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

  • CVE-1999-0069 · Hig · Apr 29, 1998
    risk 0.58 · cvss 8.4 · epss 0.01

    Solaris ufsrestore buffer overflow.

  • CVE-1999-0038 · Hig · Apr 26, 1997
    risk 0.58 · cvss 8.4 · epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-2016-1302 · Hig · Feb 7, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via…

  • CVE-1999-0084 · Hig · May 1, 1990
    risk 0.55 · cvss 8.4 · epss 0.00

    Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

  • CVE-2018-2964 · Hig · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2941 · Hig · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2825 · Hig · Apr 19, 2018
    risk 0.54 · cvss 8.3 · epss 0.04

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2018-2814 · Hig · Apr 19, 2018
    risk 0.54 · cvss 8.3 · epss 0.04

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with…

  • CVE-2018-2639 · Hig · Jan 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2638 · Hig · Jan 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2633 · Hig · Jan 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.06

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows…

  • CVE-2017-3260 · Hig · Jan 27, 2017
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2003-0411 · Hig · Jun 30, 2003
    risk 0.54 · cvss 7.5 · epss 0.27

    Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

  • CVE-2016-3552 · Hig · Jul 21, 2016
    risk 0.53 · cvss 8.1 · epss 0.00

    Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

  • CVE-2016-1290 · Hig · Apr 6, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka…

  • CVE-2010-0386 · Hig · Jan 25, 2010
    risk 0.53 · cvss 8.1 · epss 0.02

    The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and…

  • CVE-2025-40763 · Hig · Nov 11, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local…

  • CVE-1999-0022 · Hig · Jul 3, 1996
    risk 0.51 · cvss 7.8 · epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2018-2811 · Hig · Apr 19, 2018
    risk 0.50 · cvss 7.7 · epss 0.00

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to…

  • CVE-2018-2794 · Hig · Apr 19, 2018
    risk 0.50 · cvss 7.7 · epss 0.01

    Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the…

  • CVE-2016-3511 · Hig · Jul 21, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

  • CVE-2016-3503 · Hig · Jul 21, 2016
    risk 0.50 · cvss 7.7 · epss 0.01

    Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

  • CVE-2004-0079 · Hig · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-34282 · Hig · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:…

  • CVE-2026-22016 · Hig · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle…

  • CVE-2026-21945 · Hig · Jan 20, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle…

  • CVE-2025-12097 · Hig · Dec 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files.…

  • CVE-2025-53066 · Hig · Oct 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16…

  • CVE-2024-57412 · Hig · Sep 29, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets.

  • CVE-2022-21476 · Hig · Apr 19, 2022
    risk 0.49 · cvss 7.5 · epss 0.04

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2.…

  • CVE-2018-2627 · Hig · Jan 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.00

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to…
