pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL...
7.7AI Score
0.005EPSS
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name...
7.1AI Score
0.0004EPSS
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line...
7.8AI Score
0.0004EPSS
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f...
8.3AI Score
0.0004EPSS
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary...
6.5AI Score
0.0004EPSS
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink...
7.1AI Score
0.0004EPSS
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g...
7.7AI Score
0.0005EPSS
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and...
7.4AI Score
0.005EPSS
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long...
7AI Score
0.001EPSS
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p...
8.2AI Score
0.0004EPSS
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d...
7AI Score
0.0004EPSS
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev...
7.6AI Score
0.0004EPSS
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r...
7.6AI Score
0.0004EPSS
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n...
7.7AI Score
0.0004EPSS
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e...
6.1AI Score
0.0004EPSS
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than...
6.8AI Score
0.001EPSS
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root...
7.4AI Score
0.001EPSS
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than...
6.7AI Score
0.001EPSS
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000...
7.2AI Score
0.0004EPSS
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db...
7.1AI Score
0.05EPSS
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db...
7.1AI Score
0.005EPSS
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE...
7.4AI Score
0.014EPSS
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad...
8.1AI Score
0.006EPSS
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose...
8AI Score
0.019EPSS
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse...
6.9AI Score
0.0004EPSS
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink...
7AI Score
0.0004EPSS
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f...
7AI Score
0.0004EPSS
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME...
7.6AI Score
0.0004EPSS
7.6AI Score
0.0004EPSS
7AI Score
0.008EPSS
6.8AI Score
0.003EPSS
6.8AI Score
0.0004EPSS
6.7AI Score
0.019EPSS
6.8AI Score
0.008EPSS
Buffer overflow in uum program for Canna input system allows local users to gain root...
7.7AI Score
0.0004EPSS
Buffer overflow in canuum program for Canna input system allows local users to gain root...
7.7AI Score
0.0004EPSS
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to...
7.2AI Score
0.002EPSS
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink...
7.2AI Score
0.0004EPSS
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m...
7.7AI Score
0.0004EPSS
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink...
8AI Score
0.0004EPSS
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user...
7.6AI Score
0.0004EPSS
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute...
7.8AI Score
0.011EPSS
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental...
7.7AI Score
0.0004EPSS
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default...
7.5AI Score
0.015EPSS
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink...
7AI Score
0.0005EPSS
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and...
7.2AI Score
0.0004EPSS
7AI Score
0.007EPSS
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have...
7.3AI Score
0.0005EPSS
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password...
7.3AI Score
0.0004EPSS
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in...
6.9AI Score
0.013EPSS