Lucene search

K
SunSolaris

44 matches found

CVE
CVE
added 2005/06/21 4:0 a.m.62 views

CVE-2001-1503

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

2.1CVSS6.5AI score0.00215EPSS
CVE
CVE
added 2006/10/10 4:6 a.m.54 views

CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

2.6CVSS6.1AI score0.00079EPSS
CVE
CVE
added 2007/02/13 1:28 a.m.51 views

CVE-2007-0895

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir ...

2.6CVSS6.1AI score0.00074EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.50 views

CVE-2004-1355

Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

2.1CVSS6.5AI score0.00071EPSS
CVE
CVE
added 2007/07/12 4:30 p.m.50 views

CVE-2007-3723

The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secr...

2.1CVSS6.1AI score0.00053EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.49 views

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

2.1CVSS6.8AI score0.00322EPSS
CVE
CVE
added 2009/04/09 3:8 p.m.49 views

CVE-2009-1276

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail not...

2.1CVSS5.8AI score0.00066EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.48 views

CVE-1999-0442

Solaris ff.core allows local users to modify files.

2.1CVSS6.7AI score0.00154EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.47 views

CVE-2002-1587

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

2.1CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.47 views

CVE-2004-0653

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.

2.1CVSS9.2AI score0.00098EPSS
CVE
CVE
added 2005/02/24 5:0 a.m.46 views

CVE-2004-0481

The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

2.1CVSS6.4AI score0.00054EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.45 views

CVE-1999-0132

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

2.1CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.45 views

CVE-1999-0859

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

2.1CVSS6.6AI score0.00175EPSS
CVE
CVE
added 2006/03/09 1:6 p.m.45 views

CVE-2006-1092

Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that ...

2.1CVSS6.2AI score0.00067EPSS
CVE
CVE
added 2006/03/29 1:0 a.m.44 views

CVE-1999-1587

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

2.1CVSS6AI score0.00132EPSS
CVE
CVE
added 2005/10/17 8:6 p.m.43 views

CVE-2005-3250

Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.

2.1CVSS6AI score0.00065EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.42 views

CVE-2005-1518

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

2.1CVSS6.6AI score0.00058EPSS
CVE
CVE
added 2006/01/17 8:7 p.m.42 views

CVE-2006-0227

Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

2.6CVSS6.7AI score0.0007EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.41 views

CVE-2004-1346

The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

2.1CVSS6.1AI score0.00087EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.41 views

CVE-2005-2032

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

2.1CVSS6.3AI score0.00058EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.40 views

CVE-1999-1423

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

2.1CVSS7AI score0.00331EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.40 views

CVE-2001-1066

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6.4AI score0.00087EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.40 views

CVE-2003-1072

Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).

2.1CVSS6.2AI score0.00065EPSS
CVE
CVE
added 2008/07/31 10:41 p.m.40 views

CVE-2008-3426

Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpic...

2.1CVSS6AI score0.00069EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.39 views

CVE-1999-0860

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

2.1CVSS6.6AI score0.00175EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.39 views

CVE-2002-1586

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

2.1CVSS6.6AI score0.00067EPSS
CVE
CVE
added 2005/09/27 7:3 p.m.39 views

CVE-2005-3071

Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.

2.1CVSS6.2AI score0.00063EPSS
CVE
CVE
added 2006/02/02 11:2 a.m.39 views

CVE-2006-0516

Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.

2.1CVSS6AI score0.00063EPSS
CVE
CVE
added 2006/08/23 1:4 a.m.39 views

CVE-2006-4303

Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).

2.6CVSS6.6AI score0.00711EPSS
CVE
CVE
added 2008/12/19 5:30 p.m.39 views

CVE-2008-5690

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the stor...

2.1CVSS8.5AI score0.00043EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.38 views

CVE-2002-1589

Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).

2.1CVSS6.5AI score0.00065EPSS
CVE
CVE
added 2005/09/20 11:3 p.m.38 views

CVE-2005-3001

Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.

2.1CVSS6.1AI score0.00063EPSS
CVE
CVE
added 2006/02/01 8:0 p.m.38 views

CVE-2005-4706

Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.

2.1CVSS6.5AI score0.0007EPSS
CVE
CVE
added 2006/04/13 10:2 a.m.38 views

CVE-2006-1780

The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.

2.1CVSS6.1AI score0.00067EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.37 views

CVE-2003-1077

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).

2.1CVSS6.6AI score0.0007EPSS
CVE
CVE
added 2006/04/13 10:2 a.m.36 views

CVE-2006-1782

Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5)...

2.1CVSS6.5AI score0.00092EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.35 views

CVE-2004-0654

Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

2.1CVSS6.6AI score0.00128EPSS
CVE
CVE
added 2006/07/25 1:22 p.m.35 views

CVE-2006-3825

The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.

2.1CVSS6.4AI score0.00071EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.34 views

CVE-2004-1356

Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

2.1CVSS6.5AI score0.00063EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.33 views

CVE-1999-1137

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

2.1CVSS7AI score0.00077EPSS
CVE
CVE
added 2006/02/01 8:0 p.m.33 views

CVE-2005-4701

Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.

2.1CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.32 views

CVE-1999-1402

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

2.1CVSS7.3AI score0.00115EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.31 views

CVE-1999-1118

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

2.1CVSS7AI score0.00063EPSS
CVE
CVE
added 2005/12/09 3:3 p.m.28 views

CVE-2005-4133

Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.

2.1CVSS7AI score0.0008EPSS