CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

CVE-2024-5828

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00...

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct FTP+ on Solaris platform in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on Solaris platform is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct FTP+ on Solaris platform has upgraded I...

SUSE CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microso...

Code Execution Vulnerability in DouPHP_1.5

DouPHP1.5 is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. DouPHP1.5 suffers from a code execution vulnerability that can be exploited by attackers to execute arbitrary code...

VulnCheck KEV: CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers...

Moderate: Red Hat Security Advisory: openssl security update

An update for the OpenSSL component for JBoss Enterprise Web Platform 5.2.0 for Solaris and Microsoft Windows that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...

flash-plugin: multiple code execution flaws (APSB12-03)

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified...

flash-plugin: mulitple code execution flaws (APSB11-28)

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a...

flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service memory corruption via...

flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...

flash-plugin: critical flaws fixed in APSB11-26

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service browser crash via unspecified vectors, related to a "logic error issue."...

flash-plugin: crash and potential arbitrary code execution (APSB11-12)

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and...

flash-plugin: crash and potential arbitrary code execution (APSB11-12)

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors...

flash-plugin: security bulletin APSB10-26

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service memory corruption via unknown vectors, a different vulnerability...

flash-plugin: security bulletin APSB10-26

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vdsollocal module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable...

Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit

No description provided by source. / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi [email protected] Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary...

DEBIAN-CVE-2008-0006

Buffer overflow in 1 X.Org Xserver before 1.4.1, and 2 the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCFBDFENCODINGS...

security flaw

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service memory corruption an...