Sun Corporation

2,062 total · sorted by risk
  • CVE-2005-3238 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allow local users to cause a denial of service (panic) via unspecified attack vectors.

  • CVE-2005-3099 · Sep 28, 2005
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.

  • CVE-2005-3071 · Sep 27, 2005
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.

  • CVE-2005-3001 · Sep 20, 2005
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.

  • CVE-2005-2870 · Sep 8, 2005
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.

  • CVE-2005-0357 · Aug 23, 2005
    risk 0.00 · cvss · epss 0.04

    EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or…

  • CVE-2005-0359 · Aug 23, 2005
    risk 0.00 · cvss · epss 0.04

    The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to…

  • CVE-2005-0358 · Aug 23, 2005
    risk 0.00 · cvss · epss 0.05

    EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.

  • CVE-2005-2094 · Jul 5, 2005
    risk 0.00 · cvss · epss 0.01

    Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly…

  • CVE-2005-2022 · Jun 17, 2005
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

  • CVE-2005-1974 · Jun 16, 2005
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain…

  • CVE-2005-2032 · Jun 16, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

  • CVE-2005-1973 · Jun 16, 2005
    risk 0.00 · cvss · epss 0.02

    Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.

  • CVE-2005-1887 · Jun 9, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.

  • CVE-2005-1889 · Jun 7, 2005
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.

  • CVE-2005-1682 · May 20, 2005
    risk 0.00 · cvss · epss 0.01

    JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the…

  • CVE-2005-1591 · May 16, 2005
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

  • CVE-2005-1609 · May 16, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.

  • CVE-2005-1518 · May 11, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

  • CVE-2005-1232 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2005-0816 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

  • CVE-2005-0426 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

  • CVE-2005-0576 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

  • CVE-2005-1124 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.

  • CVE-2005-0836 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

  • CVE-2005-0742 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2005-0223 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

  • CVE-2005-0418 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

  • CVE-2005-0248 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.

  • CVE-2005-1150 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).

  • CVE-2005-0471 · Mar 14, 2005
    risk 0.00 · cvss · epss 0.03

    Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in…

  • CVE-2004-0481 · Feb 23, 2005
    risk 0.00 · cvss · epss 0.00

    The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

  • CVE-2005-0447 · Feb 15, 2005
    risk 0.00 · cvss · epss 0.02

    Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.

  • CVE-2004-2759 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.

  • CVE-2004-2393 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.

  • CVE-2004-0802 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

  • CVE-2004-1503 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to…

  • CVE-2004-2641 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.

  • CVE-2004-2306 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

  • CVE-2004-2216 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

  • CVE-2004-1393 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).

  • CVE-2004-1394 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

  • CVE-2004-2758 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

  • CVE-2004-0817 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.05

    Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

  • CVE-2004-2540 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.

  • CVE-2004-1767 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

  • CVE-2004-0780 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.

  • CVE-2004-1351 · Dec 7, 2004
    risk 0.00 · cvss · epss 0.06

    Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

  • CVE-2004-0496 · Dec 6, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

  • CVE-2004-1352 · Dec 1, 2004
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

Page 36 of 42