450 matches found
CVE-1999-0875
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVE-2000-0317
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
CVE-2001-0190
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
CVE-2002-0679
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
CVE-2002-1584
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
CVE-2002-1980
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
CVE-2003-1078
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
CVE-2004-1355
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
CVE-2007-0393
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
CVE-2007-3093
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
CVE-2007-3094
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
CVE-2007-3723
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secr...
CVE-2008-5684
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the G...
CVE-2009-2952
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-3432
Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.
CVE-1999-0040
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-2000-0337
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
CVE-2003-1071
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
CVE-2006-2064
Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.
CVE-2007-0503
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
CVE-2007-3223
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.
CVE-2007-3470
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
CVE-2009-0132
Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument).
CVE-2009-1276
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail not...
CVE-2009-1478
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-2283
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2296
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
CVE-1999-0442
Solaris ff.core allows local users to modify files.
CVE-1999-0674
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-2000-0030
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
CVE-2002-1345
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
CVE-2003-0669
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
CVE-2004-1354
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) at...
CVE-2006-5073
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
CVE-2007-3069
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
CVE-2008-5010
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
CVE-2009-0304
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
CVE-2009-2486
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
CVE-2009-3100
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an A...
CVE-1999-0057
Vacation program allows command execution by remote users through a sendmail command.
CVE-1999-0099
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
CVE-1999-0109
Buffer overflow in ffbconfig in Solaris 2.5.1.
CVE-1999-0321
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
CVE-1999-0568
rpc.admind in Solaris is not running in a secure mode.
CVE-1999-0949
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
CVE-2002-0085
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
CVE-2002-1587
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
CVE-2002-1871
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
CVE-2003-1061
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
CVE-2004-0653
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.