Sun Corporation

2,062 total · sorted by risk
  • CVE-2003-1064 · Jul 23, 2003
    risk 0.00 · cvss · epss 0.03

    Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.

  • CVE-2003-1065 · Jul 23, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).

  • CVE-2003-0414 · Jun 30, 2003
    risk 0.00 · cvss · epss 0.00

    The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.

  • CVE-2003-0412 · Jun 30, 2003
    risk 0.00 · cvss · epss 0.02

    Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.

  • CVE-2003-1067 · Jun 19, 2003
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

  • CVE-2003-1068 · Jun 6, 2003
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

  • CVE-2003-1069 · Jun 3, 2003
    risk 0.00 · cvss · epss 0.02

    The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

  • CVE-2003-1070 · Apr 28, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

  • CVE-2003-1072 · Apr 28, 2003
    risk 0.00 · cvss · epss 0.00

    Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).

  • CVE-2003-0091 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

  • CVE-2003-0092 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.00

    Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

  • CVE-2003-1074 · Mar 28, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.

  • CVE-2002-0387 · Mar 18, 2003
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.

  • CVE-2003-1077 · Mar 5, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).

  • CVE-2003-0064 · Mar 3, 2003
    risk 0.00 · cvss · epss 0.03

    The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker…

  • CVE-2003-1078 · Feb 28, 2003
    risk 0.00 · cvss · epss 0.01

    The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

  • CVE-2003-0058 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.05

    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

  • CVE-2003-1079 · Feb 18, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

  • CVE-2003-1080 · Feb 11, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.

  • CVE-2003-1075 · Jan 27, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

  • CVE-2002-2197 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.

  • CVE-2002-2374 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

  • CVE-2002-2036 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.

  • CVE-2002-1871 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

  • CVE-2002-2089 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.

  • CVE-2002-2203 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

  • CVE-2002-2005 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.

  • CVE-2002-1980 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

  • CVE-2002-2327 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.

  • CVE-2002-1763 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.

  • CVE-2002-1584 · Dec 27, 2002
    risk 0.00 · cvss · epss 0.06

    Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

  • CVE-2002-1345 · Dec 23, 2002
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

  • CVE-2002-1296 · Dec 23, 2002
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in priocntl system call in Solaris allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

  • CVE-2002-1344 · Dec 18, 2002
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

  • CVE-2002-1323 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

  • CVE-2002-1587 · Dec 4, 2002
    risk 0.00 · cvss · epss 0.00

    The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

  • CVE-2002-1586 · Dec 3, 2002
    risk 0.00 · cvss · epss 0.00

    Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

  • CVE-2002-1588 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.02

    Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.

  • CVE-2002-1315 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the…

  • CVE-2002-1316 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.02

    importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue…

  • CVE-2002-1585 · Nov 8, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.

  • CVE-2002-1590 · Oct 29, 2002
    risk 0.00 · cvss · epss 0.00

    The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges…

  • CVE-2002-1228 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.

  • CVE-2002-1199 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

  • CVE-2002-1589 · Oct 24, 2002
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).

  • CVE-2002-0885 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.

  • CVE-2002-0884 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allow remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and…

  • CVE-2002-0796 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.04

    Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

  • CVE-2002-0797 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

  • CVE-2002-0686 · Jul 23, 2002
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.

Page 38 of 42