CVEdetails.com the ultimate security vulnerability data source

SUN : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
151 CVE-2007-5365 119 DoS Exec Code Overflow 2007-10-11 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
152 CVE-2007-5237 264 2007-10-06 2017-09-29
7.1
None Remote High Not required Complete Complete None
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
153 CVE-2007-5152 287 2007-10-01 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
154 CVE-2007-4395 +Priv 2007-08-17 2018-10-30
7.6
None Remote High Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
155 CVE-2007-4164 Http R.Spl. 2007-08-07 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
156 CVE-2007-3698 DoS 2007-07-11 2018-10-30
7.8
None Remote Low Not required None None Complete
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
157 CVE-2007-3471 Exec Code Overflow 2007-06-28 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
158 CVE-2007-3470 DoS 2007-06-28 2017-09-29
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
159 CVE-2007-3248 DoS 2007-06-18 2017-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
160 CVE-2007-3223 DoS 2007-06-14 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.
161 CVE-2007-2989 DoS 2007-06-01 2017-10-11
7.8
None Remote Low Not required None None Complete
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
162 CVE-2007-2529 DoS +Priv 2007-05-09 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
163 CVE-2007-2466 DoS 2007-05-02 2017-07-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
164 CVE-2007-1681 DoS Exec Code +Info 2007-04-19 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
165 CVE-2007-1488 2007-03-16 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
166 CVE-2007-0914 DoS 2007-02-14 2017-10-11
7.1
None Remote Medium Not required None None Complete
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
167 CVE-2007-0634 DoS 2007-01-31 2017-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
168 CVE-2007-0470 +Priv 2007-01-24 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
169 CVE-2007-0165 DoS 2007-01-10 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
170 CVE-2006-7028 DoS 2007-02-23 2018-10-30
7.8
None Remote Low Not required None None Complete
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
171 CVE-2006-5075 DoS 2006-09-29 2017-07-20
7.8
None Remote Low Not required None None Complete
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
172 CVE-2006-5073 DoS 2006-09-29 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
173 CVE-2006-5013 DoS 2006-09-27 2017-10-11
7.8
None Remote Low Not required None None Complete
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
174 CVE-2006-4319 Exec Code Overflow 2006-08-24 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
175 CVE-2006-4307 2006-08-23 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
176 CVE-2006-4306 Exec Code 2006-08-23 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.
177 CVE-2006-4175 DoS 2007-03-26 2017-07-20
7.8
None Remote Low Not required None None Complete
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
178 CVE-2006-3941 DoS Exec Code Overflow 2006-07-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate.
179 CVE-2006-3781 DoS 2006-07-24 2017-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
180 CVE-2006-3127 399 DoS 2006-06-21 2011-03-07
7.8
None Remote Low Not required None None Complete
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.
181 CVE-2006-3117 119 Exec Code Overflow 2006-06-30 2018-10-18
7.6
None Remote High Not required Complete Complete Complete
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
182 CVE-2006-2790 +Priv 2006-06-02 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.
183 CVE-2006-2513 +Priv 2006-05-22 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
184 CVE-2006-2199 2006-06-30 2018-10-18
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
185 CVE-2006-2198 264 2006-06-30 2018-10-18
7.6
None Remote High Not required Complete Complete Complete
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
186 CVE-2006-1506 +Priv 2006-03-30 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
187 CVE-2006-0901 DoS Exec Code 2006-02-27 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.
188 CVE-2006-0769 +Priv 2006-02-18 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.
189 CVE-2006-0745 Exec Code Bypass 2006-03-21 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
190 CVE-2006-0531 +Priv Bypass 2006-02-04 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
191 CVE-2006-0408 Exec Code +Priv 2006-01-25 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.
192 CVE-2006-0190 DoS +Priv 2006-01-13 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
193 CVE-2005-4885 2010-01-28 2010-01-31
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors.
194 CVE-2005-4795 +Priv 2005-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.
195 CVE-2005-4552 +Priv 2005-12-28 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
196 CVE-2005-4350 DoS 2005-12-20 2011-03-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
197 CVE-2005-4045 2005-12-07 2011-05-19
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.
198 CVE-2005-3907 2005-11-30 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets.
199 CVE-2005-3906 2005-11-30 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.
200 CVE-2005-3905 2005-11-30 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003.
Total number of vulnerabilities: 404 (page 4 of 9)