Solaris Security Vulnerabilities and Issues — Solaris CVE List

Lucene search

SunSolaris

12 matches found

CVE•added 2004/09/01 4:0 a.m.•84 views

CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

7.5CVSS8AI score0.42484EPSS

CVE•added 2004/09/01 4:0 a.m.•62 views

CVE-2002-0158

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

7.2CVSS6.9AI score0.00178EPSS

CVE•added 2004/09/01 4:0 a.m.•54 views

CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

4.6CVSS6.2AI score0.00082EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...

7.5CVSS7.2AI score0.00871EPSS

CVE•added 2004/09/01 4:0 a.m.•52 views

CVE-2002-0090

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

7.2CVSS7.5AI score0.00137EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2003-0027

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

5CVSS6.7AI score0.65152EPSS

CVE•added 2004/09/01 4:0 a.m.•44 views

CVE-2001-0423

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.

7.2CVSS7.8AI score0.00465EPSS

CVE•added 2004/09/01 4:0 a.m.•44 views

CVE-2002-1199

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

5CVSS6.5AI score0.02144EPSS

CVE•added 2004/09/01 4:0 a.m.•43 views

CVE-2003-0058

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

5CVSS8.7AI score0.19337EPSS

CVE•added 2004/09/01 4:0 a.m.•41 views

CVE-2001-0548

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

4.6CVSS6.8AI score0.00123EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2001-1066

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6.4AI score0.00087EPSS

CVE•added 2004/09/01 4:0 a.m.•39 views

CVE-2002-1296

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

7.2CVSS7.1AI score0.00027EPSS