Filtered by vendor Sun
Subscriptions
Filtered by product Sunos
Subscriptions
Total
609 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4619 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165. | ||||
| CVE-2008-2121 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | ||||
| CVE-2006-5214 | 2 Netbsd, Sun | 3 Netbsd, Solaris, Sunos | 2025-04-09 | N/A |
| Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | ||||
| CVE-2007-0895 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. | ||||
| CVE-2006-5215 | 3 Netbsd, Sun, X.org | 4 Netbsd, Solaris, Sunos and 1 more | 2025-04-09 | N/A |
| The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. | ||||
| CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | ||||
| CVE-2008-2708 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | ||||
| CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | ||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | ||||
| CVE-2009-0838 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-09 | N/A |
| The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. | ||||
| CVE-2008-5550 | 1 Sun | 3 Java Web Console, Solaris, Sunos | 2025-04-09 | N/A |
| Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. | ||||
| CVE-2008-3666 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library. | ||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | ||||
| CVE-2008-3426 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. | ||||
| CVE-2008-2946 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. | ||||
| CVE-2008-2710 | 1 Sun | 3 Opensolaris, Solaris, Sunos | 2025-04-09 | N/A |
| Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. | ||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2025-04-09 | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | ||||
| CVE-2008-2552 | 1 Sun | 2 Service Tag, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors. | ||||
| CVE-2006-5073 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. | ||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2025-04-03 | N/A |
| Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. | ||||