Sunos@5.9 Security Vulnerabilities and Issues — Sunos@5.9 CVE List

Lucene search

SunSunos5.9

11 matches found

CVE•added 2007/07/12 4:30 p.m.•59 views

CVE-2007-3717

rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.

6.9CVSS9.1AI score0.00082EPSS

CVE•added 2007/04/16 10:19 p.m.•53 views

CVE-2007-2045

Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.

5CVSS6.6AI score0.01824EPSS

CVE•added 2007/06/06 9:30 p.m.•50 views

CVE-2007-3093

Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.

10CVSS7.6AI score0.1406EPSS

CVE•added 2007/06/06 9:30 p.m.•50 views

CVE-2007-3094

Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

9CVSS7.4AI score0.02031EPSS

CVE•added 2007/03/07 8:19 p.m.•47 views

CVE-2006-7140

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctl...

5.8CVSS7.2AI score0.07729EPSS

CVE•added 2007/11/10 2:46 a.m.•43 views

CVE-2007-5921

Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.

4.7CVSS6AI score0.00087EPSS

CVE•added 2007/05/30 1:30 a.m.•40 views

CVE-2007-2882

Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

5CVSS6.4AI score0.02604EPSS

CVE•added 2007/05/02 10:19 p.m.•38 views

CVE-2007-2465

Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.

4.7CVSS6.4AI score0.00061EPSS

CVE•added 2007/10/05 12:17 a.m.•36 views

CVE-2007-5225

Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.

4.9CVSS5.7AI score0.00187EPSS

CVE•added 2007/08/13 9:17 p.m.•35 views

CVE-2007-4310

The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.

4.3CVSS6.4AI score0.00283EPSS

CVE•added 2007/09/23 11:0 p.m.•32 views

CVE-2004-2686

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

7.2CVSS6.4AI score0.00211EPSS