Sun Corporation

All CVEs

2,062 total · sorted by risk
  • CVE-1999-0908 · Sep 23, 1999
    risk 0.03 · cvss · epss 0.02

    Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

  • CVE-1999-0786 · Sep 22, 1999
    risk 0.03 · cvss · epss 0.01

    The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

  • CVE-1999-1014 · Sep 13, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

  • CVE-1999-0689 · Sep 13, 1999
    risk 0.03 · cvss · epss 0.01

    The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

  • CVE-1999-0691 · Sep 13, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

  • CVE-1999-0767 · Sep 8, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

  • CVE-1999-0674 · Aug 9, 1999
    risk 0.03 · cvss · epss 0.01

    The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

  • CVE-2000-0118 · Jun 9, 1999
    risk 0.03 · cvss · epss 0.01

    The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

  • CVE-1999-0493 · Jun 7, 1999
    risk 0.03 · cvss · epss 0.04

    rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

  • CVE-1999-0773 · May 11, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Solaris lpset program allows local users to gain root access.

  • CVE-1999-0806 · May 10, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Solaris dtprintinfo program.

  • CVE-1999-0417 · Mar 9, 1999
    risk 0.03 · cvss · epss 0.01

    64 bit Solaris 7 procfs allows local users to perform a denial of service.

  • CVE-1999-1371 · Mar 8, 1999
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.

  • CVE-1999-0410 · Mar 5, 1999
    risk 0.03 · cvss · epss 0.01

    The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

  • CVE-1999-0442 · Jan 7, 1999
    risk 0.03 · cvss · epss 0.01

    Solaris ff.core allows local users to modify files.

  • CVE-1999-0321 · Dec 1, 1998
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

  • CVE-1999-1432 · Jul 16, 1998
    risk 0.03 · cvss · epss 0.02

    Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after…

  • CVE-1999-0125 · Jan 25, 1998
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in SGI IRIX mailx program.

  • CVE-1999-0210 · Nov 26, 1997
    risk 0.03 · cvss · epss 0.06

    Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

  • CVE-1999-0301 · Aug 1, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in SunOS/Solaris ps command.

  • CVE-1999-1423 · Jun 26, 1997
    risk 0.03 · cvss · epss 0.01

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

  • CVE-1999-1191 · May 19, 1997
    risk 0.03 · cvss · epss 0.02

    Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

  • CVE-1999-1402 · May 17, 1997
    risk 0.03 · cvss · epss 0.01

    The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

  • CVE-1999-1158 · May 13, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

  • CVE-1999-0040 · May 1, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

  • CVE-1999-0315 · Apr 1, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in Solaris fdformat command gives root access to local users.

  • CVE-1999-0109 · Feb 10, 1997
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in ffbconfig in Solaris 2.5.1.

  • CVE-1999-0369 · Feb 1, 1997
    risk 0.03 · cvss · epss 0.01

    The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

  • CVE-1999-0051 · Jan 6, 1997
    risk 0.03 · cvss · epss 0.01

    Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

  • CVE-1999-1026 · Dec 20, 1996
    risk 0.03 · cvss · epss 0.01

    aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.

  • CVE-1999-0032 · Oct 25, 1996
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

  • CVE-1999-1413 · Aug 3, 1996
    risk 0.03 · cvss · epss 0.01

    Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

  • CVE-1999-0023 · Jul 24, 1996
    risk 0.03 · cvss · epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via lookup() function.

  • CVE-1999-1123 · May 20, 1991
    risk 0.03 · cvss · epss 0.01

    The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.

  • CVE-2009-3864 · Nov 5, 2009
    risk 0.02 · cvss · epss 0.22

    The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to…

  • CVE-2008-3112 · Jul 9, 2008
    risk 0.02 · cvss · epss 0.26

    Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR…

  • CVE-2008-2403 · Jun 4, 2008
    risk 0.02 · cvss · epss 0.19

    Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

  • CVE-2007-2881 · May 29, 2007
    risk 0.02 · cvss · epss 0.26

    Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.

  • CVE-2004-0826 · Dec 31, 2004
    risk 0.02 · cvss · epss 0.23

    Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

  • CVE-2003-0196 · May 5, 2003
    risk 0.02 · cvss · epss 0.23

    Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

  • CVE-2002-0679 · Sep 5, 2002
    risk 0.02 · cvss · epss 0.23

    Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

  • CVE-2002-0076 · Mar 19, 2002
    risk 0.02 · cvss · epss 0.27

    Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…

  • CVE-2002-0084 · Mar 15, 2002
    risk 0.02 · cvss · epss 0.21

    Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

  • CVE-2016-0494 · Jan 21, 2016
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

  • CVE-2016-0483 · Jan 21, 2016
    risk 0.01 · cvss · epss 0.15

    Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU.…

  • CVE-2015-4883 · Oct 21, 2015
    risk 0.01 · cvss · epss 0.06

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.

  • CVE-2015-4881 · Oct 21, 2015
    risk 0.01 · cvss · epss 0.06

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.

  • CVE-2015-4843 · Oct 21, 2015
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

  • CVE-2015-4805 · Oct 21, 2015
    risk 0.01 · cvss · epss 0.06

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

  • CVE-2015-4760 · Jul 16, 2015
    risk 0.01 · cvss · epss 0.08

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
