VYPR

Vendor CVEs

Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-1999-0003 · Apr 1, 1998
    risk 0.05 · cvss · epss 0.24

    Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

  • CVE-2019-2697 · Apr 23, 2019
    risk 0.04 · cvss · epss 0.11

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2015-4748 · Jul 16, 2015
    risk 0.04 · cvss · epss 0.47

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.

  • CVE-2012-0547 · Aug 30, 2012
    risk 0.04 · cvss · epss 0.12

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be…

  • CVE-2012-0551 · May 3, 2012
    risk 0.04 · cvss · epss 0.12

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect…

  • CVE-2010-4435 · Jan 19, 2011
    risk 0.04 · cvss · epss 0.14

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has…

  • CVE-2010-3573 · Oct 19, 2010
    risk 0.04 · cvss · epss 0.11

    Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the…

  • CVE-2010-0838 · Apr 1, 2010
    risk 0.04 · cvss · epss 0.15

    Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the…

  • CVE-2010-0388 · Jan 25, 2010
    risk 0.04 · cvss · epss 0.07

    Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute…

  • CVE-2010-0387 · Jan 25, 2010
    risk 0.04 · cvss · epss 0.08

    Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest"…

  • CVE-2010-0313 · Jan 14, 2010
    risk 0.04 · cvss · epss 0.09

    The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.

  • CVE-2009-1672 · May 18, 2009
    risk 0.04 · cvss · epss 0.10

    The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE…

  • CVE-2009-1671 · May 18, 2009
    risk 0.04 · cvss · epss 0.10

    Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2)…

  • CVE-2009-1553 · May 6, 2009
    risk 0.04 · cvss · epss 0.08

    Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3)…

  • CVE-2009-1357 · Apr 23, 2009
    risk 0.04 · cvss · epss 0.07

    CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.

  • CVE-2009-1219 · Apr 1, 2009
    risk 0.04 · cvss · epss 0.09

    Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid…

  • CVE-2009-0348 · Jan 29, 2009
    risk 0.04 · cvss · epss 0.08

    The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

  • CVE-2009-0304 · Jan 27, 2009
    risk 0.04 · cvss · epss 0.10

    The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.

  • CVE-2008-4910 · Nov 4, 2008
    risk 0.04 · cvss · epss 0.10

    The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

  • CVE-2008-4619 · Oct 21, 2008
    risk 0.04 · cvss · epss 0.12

    The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of…

  • CVE-2008-0964 · Aug 8, 2008
    risk 0.04 · cvss · epss 0.14

    Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

  • CVE-2008-1193 · Mar 6, 2008
    risk 0.04 · cvss · epss 0.13

    Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

  • CVE-2007-5019 · Sep 20, 2007
    risk 0.04 · cvss · epss 0.10

    Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.

  • CVE-2007-3655 · Jul 10, 2007
    risk 0.04 · cvss · epss 0.12

    Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

  • CVE-2007-2788 · May 22, 2007
    risk 0.04 · cvss · epss 0.18

    Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and…

  • CVE-2007-0634 · Jan 31, 2007
    risk 0.04 · cvss · epss 0.09

    Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.

  • CVE-2007-0243 · Jan 17, 2007
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

  • CVE-2007-0165 · Jan 10, 2007
    risk 0.04 · cvss · epss 0.09

    Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

  • CVE-2006-4842 · Oct 12, 2006
    risk 0.04 · cvss · epss 0.08

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

  • CVE-2006-2426 · May 17, 2006
    risk 0.04 · cvss · epss 0.13

    Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp%…

  • CVE-2006-0647 · Feb 13, 2006
    risk 0.04 · cvss · epss 0.10

    LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP…

  • CVE-2005-3398 · Nov 1, 2005
    risk 0.04 · cvss · epss 0.13

    The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

  • CVE-2004-1029 · Mar 1, 2005
    risk 0.04 · cvss · epss 0.17

    The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute…

  • CVE-2004-1170 · Jan 10, 2005
    risk 0.04 · cvss · epss 0.16

    a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

  • CVE-2003-1123 · Dec 31, 2003
    risk 0.04 · cvss · epss 0.11

    Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.

  • CVE-2003-0896 · Nov 17, 2003
    risk 0.04 · cvss · epss 0.14

    The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of…

  • CVE-2003-0413 · Jun 30, 2003
    risk 0.04 · cvss · epss 0.07

    Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an…

  • CVE-2002-1525 · Apr 2, 2003
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.

  • CVE-2002-2072 · Dec 31, 2002
    risk 0.04 · cvss · epss 0.09

    java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.

  • CVE-2002-1361 · Dec 23, 2002
    risk 0.04 · cvss · epss 0.12

    overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

  • CVE-2002-0436 · Jul 26, 2002
    risk 0.04 · cvss · epss 0.12

    sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.

  • CVE-2000-0844 · Nov 14, 2000
    risk 0.04 · cvss · epss 0.15

    Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

  • CVE-2000-0697 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.11

    The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.

  • CVE-2000-0696 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.07

    The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

  • CVE-2000-0234 · Mar 31, 2000
    risk 0.04 · cvss · epss 0.07

    The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

  • CVE-1999-0977 · Dec 10, 1999
    risk 0.04 · cvss · epss 0.13

    Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

  • CVE-1999-0848 · Nov 10, 1999
    risk 0.04 · cvss · epss 0.06

    Denial of service in BIND named via consuming more than "fdmax" file descriptors.

  • CVE-1999-0875 · Aug 11, 1999
    risk 0.04 · cvss · epss 0.18

    DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

  • CVE-1999-0696 · Jul 1, 1999
    risk 0.04 · cvss · epss 0.12

    Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

  • CVE-1999-0009 · Apr 8, 1998
    risk 0.04 · cvss · epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
