Vendor CVEs
Sun Corporation
All CVEs
2,062 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2120 | 0.00 | — | 0.02 | May 9, 2008 | Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||
| CVE-2008-2112 | 0.00 | — | 0.03 | May 8, 2008 | Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | |||
| CVE-2008-2089 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||
| CVE-2008-2090 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||
| CVE-2008-1995 | 0.00 | — | 0.02 | Apr 28, 2008 | Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||
| CVE-2007-5747 | 0.00 | — | 0.04 | Apr 17, 2008 | Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow. | |||
| CVE-2008-1778 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. | |||
| CVE-2008-1780 | 0.00 | — | 0.00 | Apr 14, 2008 | Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. | |||
| CVE-2008-1779 | 0.00 | — | 0.02 | Apr 14, 2008 | Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. | |||
| CVE-2008-1756 | 0.00 | — | 0.00 | Apr 11, 2008 | Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | |||
| CVE-2008-1684 | 0.00 | — | 0.00 | Apr 6, 2008 | inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||
| CVE-2008-1369 | 0.00 | — | 0.03 | Mar 18, 2008 | A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2008-1356 | 0.00 | — | 0.00 | Mar 17, 2008 | Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | |||
| CVE-2008-1317 | 0.00 | — | 0.00 | Mar 13, 2008 | Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues. | |||
| CVE-2008-1286 | 0.00 | — | 0.03 | Mar 11, 2008 | Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. | |||
| CVE-2008-1285 | 0.00 | — | 0.03 | Mar 11, 2008 | Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2008-1205 | 0.00 | — | 0.00 | Mar 8, 2008 | Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors. | |||
| CVE-2008-1204 | 0.00 | — | 0.02 | Mar 8, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | |||
| CVE-2008-1186 | 0.00 | — | 0.06 | Mar 6, 2008 | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185,… | |||
| CVE-2008-1187 | 0.00 | — | 0.05 | Mar 6, 2008 | Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors… | |||
| CVE-2008-1192 | 0.00 | — | 0.04 | Mar 6, 2008 | Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via… | |||
| CVE-2008-1191 | 0.00 | — | 0.04 | Mar 6, 2008 | Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." | |||
| CVE-2008-1185 | 0.00 | — | 0.06 | Mar 6, 2008 | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different… | |||
| CVE-2008-1194 | 0.00 | — | 0.04 | Mar 6, 2008 | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||
| CVE-2008-1195 | 0.00 | — | 0.06 | Mar 6, 2008 | Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to… | |||
| CVE-2008-1115 | 0.00 | — | 0.00 | Mar 3, 2008 | Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||
| CVE-2008-1095 | 0.00 | — | 0.02 | Feb 29, 2008 | Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. | |||
| CVE-2008-0938 | 0.00 | — | 0.00 | Feb 25, 2008 | Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | |||
| CVE-2008-0933 | 0.00 | — | 0.00 | Feb 25, 2008 | Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore. | |||
| CVE-2008-0836 | 0.00 | — | 0.00 | Feb 20, 2008 | Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than… | |||
| CVE-2008-0730 | 0.00 | — | 0.00 | Feb 12, 2008 | The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read… | |||
| CVE-2008-0718 | 0.00 | — | 0.00 | Feb 12, 2008 | Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | |||
| CVE-2008-0657 | 0.00 | — | 0.03 | Feb 7, 2008 | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application… | |||
| CVE-2008-0628 | 0.00 | — | 0.03 | Feb 6, 2008 | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial… | |||
| CVE-2008-0006 | 0.00 | — | 0.05 | Jan 18, 2008 | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in… | |||
| CVE-2008-0269 | 0.00 | — | 0.00 | Jan 15, 2008 | Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. | |||
| CVE-2008-0242 | 0.00 | — | 0.00 | Jan 12, 2008 | Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. | |||
| CVE-2008-0241 | 0.00 | — | 0.03 | Jan 11, 2008 | Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | |||
| CVE-2007-0012 | 0.00 | — | 0.02 | Jan 9, 2008 | Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed… | |||
| CVE-2007-6569 | 0.00 | — | 0.02 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | |||
| CVE-2007-6571 | 0.00 | — | 0.02 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. | |||
| CVE-2007-6572 | 0.00 | — | 0.02 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | |||
| CVE-2007-6570 | 0.00 | — | 0.02 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | |||
| CVE-2007-6505 | 0.00 | — | 0.01 | Dec 20, 2007 | Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct… | |||
| CVE-2007-6481 | 0.00 | — | 0.03 | Dec 20, 2007 | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors. | |||
| CVE-2007-6482 | 0.00 | — | 0.03 | Dec 20, 2007 | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||
| CVE-2007-6480 | 0.00 | — | 0.04 | Dec 20, 2007 | The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. | |||
| CVE-2007-6413 | 0.00 | — | 0.03 | Dec 17, 2007 | Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | |||
| CVE-2007-6360 | 0.00 | — | 0.02 | Dec 15, 2007 | Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http… | |||
| CVE-2007-6225 | 0.00 | — | 0.00 | Dec 4, 2007 | Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors. |
Page 31 of 42