VYPR

Vendor CVEs

Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-2010-0091Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.

  • CVE-2010-0090Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.

  • CVE-2010-0089Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.

  • CVE-2010-0088Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different…

  • CVE-2010-0087Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2010-0085Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different…

  • CVE-2010-0084Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.

  • CVE-2010-0082Apr 1, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2010-0708Feb 25, 2010
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of…

  • CVE-2003-1590Feb 25, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.

  • CVE-2003-1589Feb 25, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

  • CVE-2003-1588Feb 8, 2010
    risk 0.00cvss epss 0.00

    Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2010-0559Feb 5, 2010
    risk 0.00cvss epss 0.01

    The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.

  • CVE-2010-0558Feb 5, 2010
    risk 0.00cvss epss 0.01

    The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.

  • CVE-2003-1579Feb 5, 2010
    risk 0.00cvss epss 0.01

    Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS…

  • CVE-2003-1578Feb 5, 2010
    risk 0.00cvss epss 0.01

    Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a…

  • CVE-2003-1577Feb 5, 2010
    risk 0.00cvss epss 0.01

    Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via…

  • CVE-2005-4885Jan 28, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors.

  • CVE-2004-2766Jan 28, 2010
    risk 0.00cvss epss 0.01

    Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and…

  • CVE-2004-2765Jan 28, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different…

  • CVE-2003-1576Jan 28, 2010
    risk 0.00cvss epss 0.05

    Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2010-0389Jan 25, 2010
    risk 0.00cvss epss 0.02

    The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.

  • CVE-2010-0360Jan 20, 2010
    risk 0.00cvss epss 0.03

    Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow."…

  • CVE-2010-0311Jan 14, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.

  • CVE-2010-0310Jan 14, 2010
    risk 0.00cvss epss 0.00

    Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.

  • CVE-2010-0273Jan 8, 2010
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this…

  • CVE-2010-0272Jan 8, 2010
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no…

  • CVE-2010-0271Jan 8, 2010
    risk 0.00cvss epss 0.00

    hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices…

  • CVE-2009-4443Dec 28, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted…

  • CVE-2009-4442Dec 28, 2009
    risk 0.00cvss epss 0.02

    Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making…

  • CVE-2009-4441Dec 28, 2009
    risk 0.00cvss epss 0.02

    Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections,…

  • CVE-2009-4440Dec 28, 2009
    risk 0.00cvss epss 0.02

    Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and…

  • CVE-2009-4314Dec 14, 2009
    risk 0.00cvss epss 0.00

    Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an…

  • CVE-2009-4295Dec 11, 2009
    risk 0.00cvss epss 0.01

    Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed…

  • CVE-2009-4294Dec 11, 2009
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

  • CVE-2009-4226Dec 8, 2009
    risk 0.00cvss epss 0.02

    Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.

  • CVE-2009-4191Dec 3, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this…

  • CVE-2009-4190Dec 3, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no…

  • CVE-2009-4187Dec 3, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4080Nov 29, 2009
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor…

  • CVE-2009-4075Nov 25, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."

  • CVE-2009-3940Nov 16, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.

  • CVE-2009-3937Nov 13, 2009
    risk 0.00cvss epss 0.00

    Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data."

  • CVE-2009-3923Nov 10, 2009
    risk 0.00cvss epss 0.02

    The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

  • CVE-2009-3886Nov 9, 2009
    risk 0.00cvss epss 0.02

    The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.

  • CVE-2009-3885Nov 9, 2009
    risk 0.00cvss epss 0.02

    Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789,…

  • CVE-2009-3884Nov 9, 2009
    risk 0.00cvss epss 0.03

    The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

  • CVE-2009-3883Nov 9, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable…

  • CVE-2009-3882Nov 9, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.

  • CVE-2009-3881Nov 9, 2009
    risk 0.00cvss epss 0.03

    Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id…

Page 25 of 42