CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0017 1997-12-10 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
2 CVE-1999-0022 Overflow +Priv 1996-07-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
3 CVE-1999-0023 Overflow +Priv 1996-07-24 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
4 CVE-1999-0032 Exec Code Overflow 1996-10-25 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
5 CVE-1999-0033 Exec Code Overflow 1997-06-12 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
Command execution in Sun systems via buffer overflow in the at program.
6 CVE-1999-0038 Exec Code Overflow 1997-04-26 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in xlock program allows local users to execute commands as root.
7 CVE-1999-0040 Exec Code Overflow 1997-05-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
8 CVE-1999-0051 1997-01-06 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
9 CVE-1999-0055 Overflow 1998-05-14 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in Sun libnsl allow root access.
10 CVE-1999-0056 Overflow 1998-09-09 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Sun's ping program can give root access to local users.
11 CVE-1999-0057 Exec Code 1998-11-16 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Vacation program allows command execution by remote users through a sendmail command.
12 CVE-1999-0065 Exec Code Overflow 1998-08-31 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
13 CVE-1999-0069 Overflow 1998-04-29 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Solaris ufsrestore buffer overflow.
14 CVE-1999-0084 +Priv 1990-05-01 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
15 CVE-1999-0109 Overflow 1997-02-10 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ffbconfig in Solaris 2.5.1.
16 CVE-1999-0120 1994-03-21 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.
17 CVE-1999-0134 1996-08-06 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
vold in Solaris 2.x allows local users to gain root access.
18 CVE-1999-0135 1996-07-25 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
19 CVE-1999-0136 1996-07-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
20 CVE-1999-0139 Overflow 1998-12-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
21 CVE-1999-0142 1996-03-01 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
22 CVE-1999-0168 Bypass 1992-06-04 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
23 CVE-1999-0185 Exec Code 1997-10-01 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
24 CVE-1999-0188 DoS 1998-12-17 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The passwd command in Solaris can be subjected to a denial of service.
25 CVE-1999-0189 1997-06-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
26 CVE-1999-0190 1998-04-08 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
27 CVE-1999-0212 1998-04-29 2018-10-30
7.8
None Remote Low Not required Complete None None
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.
28 CVE-1999-0277 1996-10-28 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The WorkMan program can be used to overwrite any file to get root access.
29 CVE-1999-0295 1997-10-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
30 CVE-1999-0296 1998-02-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Solaris volrmmount program allows attackers to read any file.
31 CVE-1999-0298 1997-02-05 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
32 CVE-1999-0300 1997-10-01 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.
33 CVE-1999-0301 Overflow 1997-08-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in SunOS/Solaris ps command.
34 CVE-1999-0302 Exec Code 1998-09-01 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.
35 CVE-1999-0315 Overflow 1997-04-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Solaris fdformat command gives root access to local users.
36 CVE-1999-0318 Overflow 1997-03-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
37 CVE-1999-0321 Overflow 1998-12-01 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
38 CVE-1999-0334 1993-12-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
39 CVE-1999-0339 Overflow +Priv 1998-08-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
40 CVE-1999-0369 Overflow 1997-02-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
41 CVE-1999-0410 Overflow 1999-03-05 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
42 CVE-1999-0440 Exec Code 1999-03-01 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
43 CVE-1999-0493 1999-06-07 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
44 CVE-1999-0502 1998-03-01 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
A Unix account has a default, null, blank, or missing password.
45 CVE-1999-0517 1997-01-01 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
An SNMP community name is the default (e.g. public), null, or missing.
46 CVE-1999-0674 1999-08-09 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
47 CVE-1999-0687 Exec Code 1999-09-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
48 CVE-1999-0689 Exec Code 1999-09-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
49 CVE-1999-0691 Overflow +Priv 1999-09-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
50 CVE-1999-0767 Overflow 1999-09-08 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
Total number of vulnerabilities : 404   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.