Sun Corporation

2,062 total · sorted by risk
  • CVE-2004-1353 · Oct 19, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.

  • CVE-2004-1349 · Oct 4, 2004
    risk 0.00 · cvss · epss 0.01

    gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

  • CVE-2004-0827 · Sep 16, 2004
    risk 0.00 · cvss · epss 0.06

    Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

  • CVE-2004-0801 · Sep 16, 2004
    risk 0.00 · cvss · epss 0.04

    Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.

  • CVE-2004-1348 · Sep 6, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).

  • CVE-2004-0800 · Aug 24, 2004
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.

  • CVE-2004-1347 · Aug 10, 2004
    risk 0.00 · cvss · epss 0.04

    X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.

  • CVE-2004-0651 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).

  • CVE-2004-0653 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.00

    Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.

  • CVE-2004-0654 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

  • CVE-2004-0701 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.00

    Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.

  • CVE-2004-0742 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.05

    Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.

  • CVE-2004-1345 · Jun 21, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.

  • CVE-2004-1346 · Jun 19, 2004
    risk 0.00 · cvss · epss 0.00

    The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

  • CVE-2004-1354 · May 14, 2004
    risk 0.00 · cvss · epss 0.04

    The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a…

  • CVE-2004-1355 · Apr 26, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

  • CVE-2004-1356 · Apr 23, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

  • CVE-2004-1942 · Apr 19, 2004
    risk 0.00 · cvss · epss 0.01

    The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as…

  • CVE-2004-1357 · Apr 7, 2004
    risk 0.00 · cvss · epss 0.03

    The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.

  • CVE-2004-1815 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2004-1816 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2004-1358 · Mar 12, 2004
    risk 0.00 · cvss · epss 0.01

    The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.

  • CVE-2004-1359 · Mar 4, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

  • CVE-2004-1360 · Feb 27, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.

  • CVE-2004-1180 · Feb 16, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

  • CVE-2003-1024 · Jan 20, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.

  • CVE-2003-0999 · Jan 5, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

  • CVE-2003-1066 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

  • CVE-2003-1126 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.

  • CVE-2003-1156 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.

  • CVE-2003-1301 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.03

    Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage…

  • CVE-2003-1124 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.

  • CVE-2003-1563 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager…

  • CVE-2003-1125 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).

  • CVE-2003-1082 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

  • CVE-2003-1229 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.05

    X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server…

  • CVE-2003-1076 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

  • CVE-2003-0914 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.03

    ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

  • CVE-2003-0970 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.01

    The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.

  • CVE-2003-1056 · Dec 11, 2003
    risk 0.00 · cvss · epss 0.00

    The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2003-1057 · Dec 8, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

  • CVE-2003-1058 · Dec 3, 2003
    risk 0.00 · cvss · epss 0.00

    The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

  • CVE-2003-1059 · Nov 20, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.

  • CVE-2003-1060 · Oct 27, 2003
    risk 0.00 · cvss · epss 0.02

    The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.

  • CVE-2003-1062 · Oct 15, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.

  • CVE-2003-1061 · Oct 14, 2003
    risk 0.00 · cvss · epss 0.00

    Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

  • CVE-2003-1081 · Sep 9, 2003
    risk 0.00 · cvss · epss 0.02

    Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.

  • CVE-2003-0676 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.

  • CVE-2003-0669 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.

  • CVE-2003-1063 · Aug 20, 2003
    risk 0.00 · cvss · epss 0.02

    The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.

Page 37 of 42