450 matches found
CVE-2006-0769
Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.
CVE-2006-4319
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
CVE-2006-5214
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession ...
CVE-2007-0165
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2007-0634
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2007-2882
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
CVE-2008-0242
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
CVE-2008-2089
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
CVE-2008-3426
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpic...
CVE-2009-0346
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.
CVE-2009-0480
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
CVE-2009-3746
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.
CVE-1999-0318
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
CVE-1999-0773
Buffer overflow in Solaris lpset program allows local users to gain root access.
CVE-1999-0860
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
CVE-2002-1296
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
CVE-2002-1586
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
CVE-2002-2203
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
CVE-2004-2306
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVE-2005-0248
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
CVE-2005-3071
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
CVE-2005-4796
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
CVE-2006-0516
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
CVE-2006-3920
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
CVE-2006-4303
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).
CVE-2006-4307
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
CVE-2007-2529
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
CVE-2007-5118
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2007-5368
Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.
CVE-2008-5690
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the stor...
CVE-2008-5699
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2009-2187
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_...
CVE-2009-2488
Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."
CVE-2009-3183
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
CVE-2009-3706
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call.
CVE-2010-0310
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
CVE-1999-0296
Solaris volrmmount program allows attackers to read any file.
CVE-1999-0982
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
CVE-2000-0055
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
CVE-2002-1589
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
CVE-2002-1590
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of...
CVE-2002-2089
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.
CVE-2003-1059
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
CVE-2003-1079
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
CVE-2005-3001
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2005-4706
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.
CVE-2006-1780
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
CVE-2006-5075
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
CVE-2007-2465
Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.
CVE-2007-4492
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.