Vendor CVEs
Sun Corporation
All CVEs
2,062 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-1426 | | | 0.00 | — | 0.00 | | Nov 10, 1997 | Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. |
| CVE-1999-1428 | | | 0.00 | — | 0.00 | | Nov 10, 1997 | Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. |
| CVE-1999-1424 | | | 0.00 | — | 0.00 | | Nov 10, 1997 | Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. |
| CVE-1999-1425 | | | 0.00 | — | 0.00 | | Nov 10, 1997 | Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd. |
| CVE-1999-1427 | | | 0.00 | — | 0.00 | | Nov 10, 1997 | Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges. |
| CVE-1999-0097 | | | 0.00 | — | 0.04 | | Oct 29, 1997 | The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| CVE-1999-0300 | | | 0.00 | — | 0.01 | | Oct 1, 1997 | nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| CVE-1999-0295 | | | 0.00 | — | 0.00 | | Oct 1, 1997 | Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| CVE-1999-1225 | | | 0.00 | — | 0.02 | | Aug 24, 1997 | rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. |
| CVE-1999-0024 | | | 0.00 | — | 0.05 | | Aug 13, 1997 | DNS cache poisoning via BIND, by predictable query IDs. |
| CVE-1999-1419 | | | 0.00 | — | 0.00 | | Jul 30, 1997 | Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. |
| CVE-1999-0169 | | | 0.00 | — | 0.02 | | Jul 1, 1997 | NFS allows attackers to read and write any file on the system by specifying a false UID. |
| CVE-1999-1192 | | | 0.00 | — | 0.00 | | Jun 24, 1997 | Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| CVE-1999-0033 | | | 0.00 | — | 0.01 | | Jun 12, 1997 | Command execution in Sun systems via buffer overflow in the at program. |
| CVE-1999-0189 | | | 0.00 | — | 0.01 | | Jun 4, 1997 | Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| CVE-1999-1449 | | | 0.00 | — | 0.00 | | May 19, 1997 | SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. |
| CVE-1999-0318 | | | 0.00 | — | 0.01 | | Mar 1, 1997 | Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| CVE-1999-0165 | | | 0.00 | — | 0.02 | | Mar 1, 1997 | NFS cache poisoning. |
| CVE-1999-0868 | | | 0.00 | — | 0.01 | | Feb 20, 1997 | ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
| CVE-1999-0298 | | | 0.00 | — | 0.02 | | Feb 5, 1997 | ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| CVE-1999-0966 | | | 0.00 | — | 0.00 | | Jan 27, 1997 | Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. |
| CVE-1999-0048 | | | 0.00 | — | 0.03 | | Jan 27, 1997 | Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. |
| CVE-1999-0626 | | | 0.00 | — | 0.01 | | Jan 1, 1997 | A version of rusers is running that exposes valid user information to any entity on the network. |
| CVE-1999-0217 | | | 0.00 | — | 0.01 | | Jan 1, 1997 | Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| CVE-1999-0166 | | | 0.00 | — | 0.01 | | Jan 1, 1997 | NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| CVE-1999-0345 | | | 0.00 | — | 0.01 | | Jan 1, 1997 | Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| CVE-1999-0129 | | | 0.00 | — | 0.01 | | Dec 3, 1996 | Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| CVE-1999-0277 | | | 0.00 | — | 0.00 | | Oct 28, 1996 | The WorkMan program can be used to overwrite any file to get root access. |
| CVE-1999-0132 | | | 0.00 | — | 0.00 | | Aug 15, 1996 | Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. |
| CVE-1999-0134 | | | 0.00 | — | 0.00 | | Aug 6, 1996 | vold in Solaris 2.x allows local users to gain root access. |
| CVE-1999-0136 | | | 0.00 | — | 0.00 | | Jul 31, 1996 | Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. |
| CVE-1999-0135 | | | 0.00 | — | 0.00 | | Jul 25, 1996 | admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| CVE-1999-0019 | | | 0.00 | — | 0.02 | | Apr 24, 1996 | Delete or create a file via rpc.statd, due to invalid information. |
| CVE-1999-0078 | | | 0.00 | — | 0.01 | | Apr 18, 1996 | pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| CVE-1999-0142 | | | 0.00 | — | 0.02 | | Mar 1, 1996 | The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. |
| CVE-1999-0143 | | | 0.00 | — | 0.00 | | Feb 21, 1996 | Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| CVE-1999-0241 | | | 0.00 | — | 0.04 | | Nov 1, 1995 | Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| CVE-1999-0099 | | | 0.00 | — | 0.03 | | Oct 19, 1995 | Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| CVE-1999-0164 | | | 0.00 | — | 0.00 | | Aug 29, 1995 | A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| CVE-1999-1580 | | | 0.00 | — | 0.01 | | Aug 23, 1995 | SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. |
| CVE-1999-1080 | | | 0.00 | — | 0.00 | | May 10, 1995 | rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid… |
| CVE-1999-1388 | | | 0.00 | — | 0.00 | | May 13, 1994 | passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. |
| CVE-1999-0120 | | | 0.00 | — | 0.00 | | Mar 21, 1994 | Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| CVE-1999-0211 | | | 0.00 | — | 0.02 | | Feb 14, 1994 | Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
| CVE-1999-0334 | | | 0.00 | — | 0.00 | | Dec 16, 1993 | In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. |
| CVE-1999-1137 | | | 0.00 | — | 0.00 | | Oct 1, 1993 | The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. |
| CVE-1999-1318 | | | 0.00 | — | 0.00 | | Sep 17, 1993 | /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. |
| CVE-1999-1507 | | | 0.00 | — | 0.01 | | Feb 3, 1993 | Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. |
| CVE-1999-1021 | | | 0.00 | — | 0.00 | | Dec 30, 1992 | NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. |
| CVE-1999-1396 | | | 0.00 | — | 0.00 | | Jul 21, 1992 | Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash). |