Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-1999-1102 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.00

    lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

  • CVE-1999-1586 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.00

    loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.

  • CVE-2000-0030 · Dec 22, 1999
    risk 0.00 · cvss · epss 0.01

    Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

  • CVE-1999-0974 · Dec 9, 1999
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

  • CVE-1999-0982 · Dec 5, 1999
    risk 0.00 · cvss · epss 0.00

    The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

  • CVE-1999-0840 · Nov 30, 1999
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.

  • CVE-1999-1527 · Nov 23, 1999
    risk 0.00 · cvss · epss 0.02

    Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.

  • CVE-1999-0831 · Nov 19, 1999
    risk 0.00 · cvss · epss 0.01

    Denial of service in Linux syslogd via a large number of connections.

  • CVE-1999-0837 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.03

    Denial of service in BIND by improperly closing TCP sessions via so_linger.

  • CVE-1999-0851 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.00

    Denial of service in BIND named via naptr.

  • CVE-1999-0833 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in BIND 8.2 via NXT records.

  • CVE-1999-0835 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.01

    Denial of service in BIND named via malformed SIG records.

  • CVE-1999-1530 · Nov 8, 1999
    risk 0.00 · cvss · epss 0.00

    cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

  • CVE-1999-0687 · Sep 13, 1999
    risk 0.00 · cvss · epss 0.02

    The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

  • CVE-1999-0676 · Aug 9, 1999
    risk 0.00 · cvss · epss 0.00

    sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

  • CVE-1999-0722 · Aug 8, 1999
    risk 0.00 · cvss · epss 0.02

    The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.

  • CVE-1999-1023 · Jun 10, 1999
    risk 0.00 · cvss · epss 0.00

    useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.

  • CVE-1999-0440 · Mar 1, 1999
    risk 0.00 · cvss · epss 0.04

    The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

  • CVE-1999-0223 · Mar 1, 1999
    risk 0.00 · cvss · epss 0.00

    Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

  • CVE-1999-0408 · Feb 25, 1999
    risk 0.00 · cvss · epss 0.02

    Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

  • CVE-1999-0370 · Feb 10, 1999
    risk 0.00 · cvss · epss 0.00

    In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

  • CVE-1999-0952 · Jan 28, 1999
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.

  • CVE-1999-0568 · Jan 1, 1999
    risk 0.00 · cvss · epss 0.02

    rpc.admind in Solaris is not running in a secure mode.

  • CVE-1999-0188 · Dec 17, 1998
    risk 0.00 · cvss · epss 0.00

    The passwd command in Solaris can be subjected to a denial of service.

  • CVE-1999-0139 · Dec 12, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

  • CVE-1999-1025 · Nov 12, 1998
    risk 0.00 · cvss · epss 0.00

    CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

  • CVE-1999-0254 · Nov 2, 1998
    risk 0.00 · cvss · epss 0.04

    A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

  • CVE-1999-0186 · Oct 1, 1998
    risk 0.00 · cvss · epss 0.04

    In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

  • CVE-1999-0056 · Sep 9, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Sun's ping program can give root access to local users.

  • CVE-1999-0302 · Sep 1, 1998
    risk 0.00 · cvss · epss 0.02

    SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

  • CVE-1999-0065 · Aug 31, 1998
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in how dtmail handles attachments allow a remote attacker to execute commands.

  • CVE-1999-0339 · Aug 1, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

  • CVE-1999-0263 · Jul 16, 1998
    risk 0.00 · cvss · epss 0.00

    Solaris SUNWadmap can be exploited to obtain root access.

  • CVE-1999-1297 · Jul 15, 1998
    risk 0.00 · cvss · epss 0.00

    cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

  • CVE-1999-0213 · Jul 15, 1998
    risk 0.00 · cvss · epss 0.02

    libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

  • CVE-1999-0797 · Jun 29, 1998
    risk 0.00 · cvss · epss 0.01

    NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

  • CVE-1999-0054 · Jun 10, 1998
    risk 0.00 · cvss · epss 0.01

    Sun's ftpd daemon can be subjected to a denial of service.

  • CVE-1999-0008 · Jun 8, 1998
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in NIS+, in Sun's rpc.nisd program.

  • CVE-1999-0303 · May 21, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

  • CVE-1999-0055 · May 14, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflows in Sun libnsl allow root access.

  • CVE-1999-1027 · May 7, 1998
    risk 0.00 · cvss · epss 0.00

    Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

  • CVE-1999-0212 · Apr 29, 1998
    risk 0.00 · cvss · epss 0.02

    Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

  • CVE-1999-0010 · Apr 8, 1998
    risk 0.00 · cvss · epss 0.02

    Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

  • CVE-1999-0190 · Apr 8, 1998
    risk 0.00 · cvss · epss 0.00

    Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

  • CVE-1999-1118 · Mar 11, 1998
    risk 0.00 · cvss · epss 0.00

    ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

  • CVE-1999-0320 · Mar 1, 1998
    risk 0.00 · cvss · epss 0.01

    SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

  • CVE-1999-0795 · Mar 1, 1998
    risk 0.00 · cvss · epss 0.02

    The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

  • CVE-1999-0296 · Feb 1, 1998
    risk 0.00 · cvss · epss 0.00

    Solaris volrmmount program allows attackers to read any file.

  • CVE-1999-0273 · Jan 1, 1998
    risk 0.00 · cvss · epss 0.01

    Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

  • CVE-1999-0017 · Dec 10, 1997
    risk 0.00 · cvss · epss 0.02

    FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.