VYPR

Vendor CVEs

Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-2008-2120May 9, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

  • CVE-2008-2112May 8, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.

  • CVE-2008-2089May 6, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.

  • CVE-2008-2090May 6, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.

  • CVE-2008-1995Apr 28, 2008
    risk 0.00cvss epss 0.02

    Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

  • CVE-2007-5747Apr 17, 2008
    risk 0.00cvss epss 0.04

    Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.

  • CVE-2008-1778Apr 14, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.

  • CVE-2008-1780Apr 14, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.

  • CVE-2008-1779Apr 14, 2008
    risk 0.00cvss epss 0.02

    Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.

  • CVE-2008-1756Apr 11, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.

  • CVE-2008-1684Apr 6, 2008
    risk 0.00cvss epss 0.00

    inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.

  • CVE-2008-1369Mar 18, 2008
    risk 0.00cvss epss 0.03

    A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.

  • CVE-2008-1356Mar 17, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.

  • CVE-2008-1317Mar 13, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.

  • CVE-2008-1286Mar 11, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

  • CVE-2008-1285Mar 11, 2008
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-1205Mar 8, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.

  • CVE-2008-1204Mar 8, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

  • CVE-2008-1186Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185,…

  • CVE-2008-1187Mar 6, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors…

  • CVE-2008-1192Mar 6, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via…

  • CVE-2008-1191Mar 6, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."

  • CVE-2008-1185Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different…

  • CVE-2008-1194Mar 6, 2008
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

  • CVE-2008-1195Mar 6, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to…

  • CVE-2008-1115Mar 3, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.

  • CVE-2008-1095Feb 29, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

  • CVE-2008-0938Feb 25, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.

  • CVE-2008-0933Feb 25, 2008
    risk 0.00cvss epss 0.00

    Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.

  • CVE-2008-0836Feb 20, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than…

  • CVE-2008-0730Feb 12, 2008
    risk 0.00cvss epss 0.00

    The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read…

  • CVE-2008-0718Feb 12, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.

  • CVE-2008-0657Feb 7, 2008
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application…

  • CVE-2008-0628Feb 6, 2008
    risk 0.00cvss epss 0.03

    The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial…

  • CVE-2008-0006Jan 18, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in…

  • CVE-2008-0269Jan 15, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.

  • CVE-2008-0242Jan 12, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.

  • CVE-2008-0241Jan 11, 2008
    risk 0.00cvss epss 0.03

    Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

  • CVE-2007-0012Jan 9, 2008
    risk 0.00cvss epss 0.02

    Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed…

  • CVE-2007-6569Dec 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.

  • CVE-2007-6571Dec 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

  • CVE-2007-6572Dec 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.

  • CVE-2007-6570Dec 28, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.

  • CVE-2007-6505Dec 20, 2007
    risk 0.00cvss epss 0.01

    Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct…

  • CVE-2007-6481Dec 20, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.

  • CVE-2007-6482Dec 20, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

  • CVE-2007-6480Dec 20, 2007
    risk 0.00cvss epss 0.04

    The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.

  • CVE-2007-6413Dec 17, 2007
    risk 0.00cvss epss 0.03

    Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.

  • CVE-2007-6360Dec 15, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http…

  • CVE-2007-6225Dec 4, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.

Page 31 of 42