Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Solaris Security Vulnerabilities - CVSS Score 3 - 4

cve
cve

CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

6.8AI Score

0.001EPSS

2005-02-08 05:00 AM
30
cve
cve

CVE-2005-0576

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

6.8AI Score

0.0004EPSS

2005-05-02 04:00 AM
30
cve
cve

CVE-2005-4796

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

5.8AI Score

0.0004EPSS

2006-05-05 10:00 PM
24
cve
cve

CVE-2006-4439

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.

6AI Score

0.001EPSS

2006-08-29 11:04 PM
33
cve
cve

CVE-2006-4842

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

7.3AI Score

0.004EPSS

2006-10-12 12:07 AM
37
cve
cve

CVE-2006-5213

Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).

6.3AI Score

0.0004EPSS

2006-10-10 04:06 AM
27
cve
cve

CVE-2007-5319

Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.

6AI Score

0.002EPSS

2007-10-09 10:17 PM
33
cve
cve

CVE-2007-6505

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

6.5AI Score

0.001EPSS

2007-12-20 11:46 PM
27
cve
cve

CVE-2010-1183

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

6.2AI Score

0.0004EPSS

2010-03-29 10:30 PM
27