Vendor CVEs
Sun Corporation
All CVEs
2,062 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2675 | 0.00 | — | 0.04 | Aug 5, 2009 | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR… | |||
| CVE-2009-2673 | 0.00 | — | 0.05 | Aug 5, 2009 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a… | |||
| CVE-2009-2672 | 0.00 | — | 0.05 | Aug 5, 2009 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote… | |||
| CVE-2009-2671 | 0.00 | — | 0.04 | Aug 5, 2009 | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application… | |||
| CVE-2009-2670 | 0.00 | — | 0.03 | Aug 5, 2009 | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent… | |||
| CVE-2009-2652 | 0.00 | — | 0.02 | Aug 3, 2009 | Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets. | |||
| CVE-2009-2644 | 0.00 | — | 0.00 | Jul 29, 2009 | Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." | |||
| CVE-2009-2597 | 0.00 | — | 0.03 | Jul 27, 2009 | The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request. | |||
| CVE-2009-2596 | 0.00 | — | 0.00 | Jul 27, 2009 | Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. | |||
| CVE-2009-2491 | 0.00 | — | 0.00 | Jul 16, 2009 | The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | |||
| CVE-2009-2490 | 0.00 | — | 0.00 | Jul 16, 2009 | Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks." | |||
| CVE-2009-2489 | 0.00 | — | 0.00 | Jul 16, 2009 | Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. | |||
| CVE-2009-2488 | 0.00 | — | 0.00 | Jul 16, 2009 | Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations." | |||
| CVE-2009-2487 | 0.00 | — | 0.03 | Jul 16, 2009 | Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors. | |||
| CVE-2009-2486 | 0.00 | — | 0.02 | Jul 16, 2009 | Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets. | |||
| CVE-2009-2458 | 0.00 | — | 0.01 | Jul 14, 2009 | Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2009-2445 | 0.00 | — | 0.03 | Jul 13, 2009 | Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI. | |||
| CVE-2009-2430 | 0.00 | — | 0.00 | Jul 10, 2009 | Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors. | |||
| CVE-2009-2387 | 0.00 | — | 0.00 | Jul 9, 2009 | Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function. | |||
| CVE-2009-2314 | 0.00 | — | 0.00 | Jul 5, 2009 | Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | |||
| CVE-2009-2297 | 0.00 | — | 0.01 | Jul 2, 2009 | Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel… | |||
| CVE-2009-2296 | 0.00 | — | 0.04 | Jul 2, 2009 | The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | |||
| CVE-2009-2283 | 0.00 | — | 0.02 | Jul 1, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2282 | 0.00 | — | 0.00 | Jul 1, 2009 | The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain… | |||
| CVE-2009-2268 | 0.00 | — | 0.02 | Jul 1, 2009 | Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2187 | 0.00 | — | 0.00 | Jun 25, 2009 | Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ… | |||
| CVE-2009-2137 | 0.00 | — | 0.02 | Jun 19, 2009 | Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value. | |||
| CVE-2009-2136 | 0.00 | — | 0.03 | Jun 19, 2009 | Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via… | |||
| CVE-2009-2135 | 0.00 | — | 0.00 | Jun 19, 2009 | Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | |||
| CVE-2009-1719 | 0.00 | — | 0.05 | Jun 16, 2009 | The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | |||
| CVE-2009-2031 | 0.00 | — | 0.00 | Jun 11, 2009 | smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. | |||
| CVE-2009-2030 | 0.00 | — | 0.02 | Jun 11, 2009 | Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | |||
| CVE-2009-2029 | 0.00 | — | 0.01 | Jun 11, 2009 | Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | |||
| CVE-2009-2012 | 0.00 | — | 0.00 | Jun 9, 2009 | Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors. | |||
| CVE-2009-1934 | 0.00 | — | 0.02 | Jun 5, 2009 | Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. | |||
| CVE-2009-1933 | 0.00 | — | 0.00 | Jun 5, 2009 | Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | |||
| CVE-2004-2764 | 0.00 | — | 0.02 | Jun 2, 2009 | Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT… | |||
| CVE-2004-2763 | 0.00 | — | 0.02 | Jun 1, 2009 | The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site… | |||
| CVE-2003-1573 | 0.00 | — | 0.05 | Jun 1, 2009 | The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and… | |||
| CVE-2003-1572 | 0.00 | — | 0.02 | Jun 1, 2009 | Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. | |||
| CVE-2009-1796 | 0.00 | — | 0.02 | May 26, 2009 | Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. | |||
| CVE-2009-1763 | 0.00 | — | 0.00 | May 22, 2009 | Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors. | |||
| CVE-2009-1673 | 0.00 | — | 0.00 | May 18, 2009 | The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD. | |||
| CVE-2009-1190 | 0.00 | — | 0.03 | Apr 27, 2009 | Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows… | |||
| CVE-2009-1359 | 0.00 | — | 0.00 | Apr 22, 2009 | Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2009-1332 | 0.00 | — | 0.02 | Apr 17, 2009 | The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors. | |||
| CVE-2009-0794 | 0.00 | — | 0.03 | Apr 13, 2009 | Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse… | |||
| CVE-2009-1276 | 0.00 | — | 0.00 | Apr 9, 2009 | XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by… | |||
| CVE-2009-0793 | 0.00 | — | 0.05 | Apr 9, 2009 | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of… | |||
| CVE-2009-1207 | 0.00 | — | 0.00 | Apr 1, 2009 | Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. |
- CVE-2009-2675Aug 5, 2009risk 0.00cvss —epss 0.04
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR…
- CVE-2009-2673Aug 5, 2009risk 0.00cvss —epss 0.05
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a…
- CVE-2009-2672Aug 5, 2009risk 0.00cvss —epss 0.05
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote…
- CVE-2009-2671Aug 5, 2009risk 0.00cvss —epss 0.04
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application…
- CVE-2009-2670Aug 5, 2009risk 0.00cvss —epss 0.03
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent…
- CVE-2009-2652Aug 3, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.
- CVE-2009-2644Jul 29, 2009risk 0.00cvss —epss 0.00
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."
- CVE-2009-2597Jul 27, 2009risk 0.00cvss —epss 0.03
The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.
- CVE-2009-2596Jul 27, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.
- CVE-2009-2491Jul 16, 2009risk 0.00cvss —epss 0.00
The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks."
- CVE-2009-2490Jul 16, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks."
- CVE-2009-2489Jul 16, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors.
- CVE-2009-2488Jul 16, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."
- CVE-2009-2487Jul 16, 2009risk 0.00cvss —epss 0.03
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
- CVE-2009-2486Jul 16, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
- CVE-2009-2458Jul 14, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors.
- CVE-2009-2445Jul 13, 2009risk 0.00cvss —epss 0.03
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
- CVE-2009-2430Jul 10, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.
- CVE-2009-2387Jul 9, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function.
- CVE-2009-2314Jul 5, 2009risk 0.00cvss —epss 0.00
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.
- CVE-2009-2297Jul 2, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel…
- CVE-2009-2296Jul 2, 2009risk 0.00cvss —epss 0.04
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
- CVE-2009-2283Jul 1, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2282Jul 1, 2009risk 0.00cvss —epss 0.00
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain…
- CVE-2009-2268Jul 1, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2187Jun 25, 2009risk 0.00cvss —epss 0.00
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ…
- CVE-2009-2137Jun 19, 2009risk 0.00cvss —epss 0.02
Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value.
- CVE-2009-2136Jun 19, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via…
- CVE-2009-2135Jun 19, 2009risk 0.00cvss —epss 0.00
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.
- CVE-2009-1719Jun 16, 2009risk 0.00cvss —epss 0.05
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
- CVE-2009-2031Jun 11, 2009risk 0.00cvss —epss 0.00
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.
- CVE-2009-2030Jun 11, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."
- CVE-2009-2029Jun 11, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
- CVE-2009-2012Jun 9, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.
- CVE-2009-1934Jun 5, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
- CVE-2009-1933Jun 5, 2009risk 0.00cvss —epss 0.00
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.
- CVE-2004-2764Jun 2, 2009risk 0.00cvss —epss 0.02
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT…
- CVE-2004-2763Jun 1, 2009risk 0.00cvss —epss 0.02
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site…
- CVE-2003-1573Jun 1, 2009risk 0.00cvss —epss 0.05
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and…
- CVE-2003-1572Jun 1, 2009risk 0.00cvss —epss 0.02
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
- CVE-2009-1796May 26, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
- CVE-2009-1763May 22, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.
- CVE-2009-1673May 18, 2009risk 0.00cvss —epss 0.00
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
- CVE-2009-1190Apr 27, 2009risk 0.00cvss —epss 0.03
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows…
- CVE-2009-1359Apr 22, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2009-1332Apr 17, 2009risk 0.00cvss —epss 0.02
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
- CVE-2009-0794Apr 13, 2009risk 0.00cvss —epss 0.03
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse…
- CVE-2009-1276Apr 9, 2009risk 0.00cvss —epss 0.00
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by…
- CVE-2009-0793Apr 9, 2009risk 0.00cvss —epss 0.05
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of…
- CVE-2009-1207Apr 1, 2009risk 0.00cvss —epss 0.00
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
Page 27 of 42