Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-2007-3471 · Jun 28, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2007-3469 · Jun 28, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.

  • CVE-2007-3458 · Jun 27, 2007
    risk 0.00 · cvss · epss 0.00

    The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

  • CVE-2007-3283 · Jun 19, 2007
    risk 0.00 · cvss · epss 0.00

    GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

  • CVE-2007-3248 · Jun 18, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.

  • CVE-2007-3223 · Jun 14, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.

  • CVE-2007-3225 · Jun 14, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.

  • CVE-2007-3224 · Jun 14, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.

  • CVE-2007-3093 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.

  • CVE-2007-3094 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

  • CVE-2007-3069 · Jun 6, 2007
    risk 0.00 · cvss · epss 0.00

    xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.

  • CVE-2007-2989 · Jun 1, 2007
    risk 0.00 · cvss · epss 0.03

    The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue…

  • CVE-2007-2990 · Jun 1, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.

  • CVE-2007-2904 · May 30, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.

  • CVE-2007-2906 · May 30, 2007
    risk 0.00 · cvss · epss 0.02

    Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.

  • CVE-2007-2882 · May 30, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

  • CVE-2007-2789 · May 22, 2007
    risk 0.00 · cvss · epss 0.03

    The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when…

  • CVE-2007-2764 · May 18, 2007
    risk 0.00 · cvss · epss 0.02

    The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.

  • CVE-2007-2529 · May 9, 2007
    risk 0.00 · cvss · epss 0.00

    Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.

  • CVE-2007-2465 · May 2, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath…

  • CVE-2007-2466 · May 2, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.

  • CVE-2007-2435 · May 2, 2007
    risk 0.00 · cvss · epss 0.05

    Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and…

  • CVE-2007-2267 · Apr 25, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC…

  • CVE-2007-1681 · Apr 19, 2007
    risk 0.00 · cvss · epss 0.05

    Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a…

  • CVE-2007-2045 · Apr 16, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.

  • CVE-2007-1794 · Apr 2, 2007
    risk 0.00 · cvss · epss 0.04

    The JavaScript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to…

  • CVE-2006-4175 · Mar 26, 2007
    risk 0.00 · cvss · epss 0.03

    The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized…

  • CVE-2007-1526 · Mar 20, 2007
    risk 0.00 · cvss · epss 0.01

    Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for…

  • CVE-2007-1488 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.

  • CVE-2007-1419 · Mar 12, 2007
    risk 0.00 · cvss · epss 0.01

    The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by…

  • CVE-2007-1346 · Mar 8, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.

  • CVE-2006-7140 · Mar 7, 2007
    risk 0.00 · cvss · epss 0.01

    The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents…

  • CVE-2006-7028 · Feb 23, 2007
    risk 0.00 · cvss · epss 0.02

    Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allow remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it…

  • CVE-2007-0914 · Feb 14, 2007
    risk 0.00 · cvss · epss 0.02

    Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

  • CVE-2007-0895 · Feb 13, 2007
    risk 0.00 · cvss · epss 0.00

    Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which…

  • CVE-2007-0668 · Feb 2, 2007
    risk 0.00 · cvss · epss 0.00

    The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.

  • CVE-2007-0628 · Jan 31, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these…

  • CVE-2007-0503 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

  • CVE-2007-0482 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.00

    cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.

  • CVE-2007-0470 · Jan 24, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

  • CVE-2007-0393 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.00

    Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • CVE-2007-0014 · Jan 17, 2007
    risk 0.00 · cvss · epss 0.00

    ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.

  • CVE-2007-0114 · Jan 9, 2007
    risk 0.00 · cvss · epss 0.02

    Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.

  • CVE-2006-6736 · Dec 26, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets…

  • CVE-2006-6731 · Dec 26, 2006
    risk 0.00 · cvss · epss 0.04

    Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets…

  • CVE-2006-6745 · Dec 26, 2006
    risk 0.00 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are…

  • CVE-2006-6737 · Dec 26, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets…

  • CVE-2006-6494 · Dec 13, 2006
    risk 0.00 · cvss · epss 0.00

    Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

  • CVE-2006-6495 · Dec 13, 2006
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege…

  • CVE-2006-6275 · Dec 4, 2006
    risk 0.00 · cvss · epss 0.00

    Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

Page 33 of 42