Sunos Security Vulnerabilities and Issues — Sunos CVE List

Lucene search

SunSunos

31 matches found

CVE•added 2009/03/11 2:19 p.m.•64 views

CVE-2009-0873

The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys ...

6.8CVSS6.6AI score0.01052EPSS

CVE•added 2007/07/12 4:30 p.m.•59 views

CVE-2007-3717

rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.

6.9CVSS9.1AI score0.00082EPSS

CVE•added 2013/01/17 1:55 a.m.•58 views

CVE-2013-0415

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.

6CVSS5.3AI score0.00043EPSS

CVE•added 2007/01/25 9:28 p.m.•49 views

CVE-2007-0503

Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

6.9CVSS6.8AI score0.00034EPSS

CVE•added 2003/04/02 5:0 a.m.•47 views

CVE-1999-1468

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

6.2CVSS7.7AI score0.00085EPSS

CVE•added 2012/01/18 10:55 p.m.•46 views

CVE-2012-0100

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.

6.8CVSS5.5AI score0.00028EPSS

CVE•added 2012/05/03 10:55 p.m.•45 views

CVE-2012-1691

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.

6.6CVSS5.7AI score0.00063EPSS

CVE•added 1999/09/29 4:0 a.m.•44 views

CVE-1999-0164

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

6.2CVSS7.4AI score0.00067EPSS

CVE•added 2001/07/02 4:0 a.m.•44 views

CVE-2001-0421

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed ...

6.4CVSS6.5AI score0.02445EPSS

CVE•added 2014/10/15 10:55 p.m.•44 views

CVE-2014-6529

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.

6.8CVSS6.1AI score0.00672EPSS

CVE•added 2006/09/27 1:7 a.m.•43 views

CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

6.6CVSS6.2AI score0.00053EPSS

CVE•added 2012/05/03 10:55 p.m.•42 views

CVE-2012-1694

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.

6.4CVSS6.2AI score0.00377EPSS

CVE•added 2013/01/17 1:55 a.m.•40 views

CVE-2013-0399

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.

6.6CVSS5.6AI score0.00043EPSS

CVE•added 2013/01/17 1:55 a.m.•39 views

CVE-2013-0400

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.

6.6CVSS5.6AI score0.00043EPSS

CVE•added 2001/09/12 4:0 a.m.•38 views

CVE-1999-1388

passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.

6.2CVSS7.2AI score0.0005EPSS

CVE•added 2011/04/20 3:14 a.m.•38 views

CVE-2011-0800

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.

6.5CVSS5.5AI score0.00044EPSS

CVE•added 2014/10/15 3:55 p.m.•38 views

CVE-2014-6470

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.

6.8CVSS5.7AI score0.00139EPSS

CVE•added 2013/04/17 12:14 p.m.•37 views

CVE-2013-0405

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.

6.4CVSS5.6AI score0.00242EPSS

CVE•added 2013/07/17 1:41 p.m.•37 views

CVE-2013-3786

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

6CVSS5.6AI score0.00133EPSS

CVE•added 2001/05/07 4:0 a.m.•36 views

CVE-2001-0059

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

6.2CVSS6.7AI score0.00154EPSS

CVE•added 2006/12/13 1:28 a.m.•36 views

CVE-2006-6495

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cas...

6.6CVSS7.6AI score0.00055EPSS

CVE•added 2008/02/29 11:44 a.m.•36 views

CVE-2008-1095

Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

6.8CVSS6.8AI score0.00723EPSS

CVE•added 2012/05/03 6:55 p.m.•34 views

CVE-2012-0539

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.

6.2CVSS5.6AI score0.00045EPSS

CVE•added 2013/07/17 1:41 p.m.•34 views

CVE-2013-3757

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.

6.4CVSS5.9AI score0.00673EPSS

CVE•added 2014/01/15 4:11 p.m.•34 views

CVE-2013-5834

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.

6.2CVSS5.6AI score0.0006EPSS

CVE•added 2014/07/17 5:10 a.m.•34 views

CVE-2014-4225

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.

6.9CVSS5.7AI score0.00051EPSS

CVE•added 2006/07/21 2:3 p.m.•33 views

CVE-2006-3728

Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system pani...

6.8CVSS6.5AI score0.01339EPSS

CVE•added 2012/10/17 12:55 a.m.•33 views

CVE-2012-3187

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

6.9CVSS5.7AI score0.00044EPSS

CVE•added 2006/12/13 1:28 a.m.•32 views

CVE-2006-6494

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

6.6CVSS7.5AI score0.00036EPSS

CVE•added 2015/01/21 2:59 p.m.•30 views

CVE-2014-6518

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).

6.6CVSS5.6AI score0.00043EPSS

CVE•added 2008/04/14 4:5 p.m.•28 views

CVE-2008-1778

Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.

6.6CVSS6.3AI score0.00051EPSS