CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN : Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1499 2013-04-17 2013-10-10
1.7
None Local Low Single system None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
2 CVE-2013-0403 2013-04-17 2013-12-05
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
3 CVE-2012-3215 2012-10-16 2013-10-10
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
4 CVE-2012-0098 2012-01-18 2012-01-30
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
5 CVE-2011-3561 2011-10-19 2013-10-30
1.8
None Local Network High Not required Partial None None
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
6 CVE-2011-2291 2011-07-20 2011-10-04
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
7 CVE-2011-0790 2011-04-19 2011-04-20
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
8 CVE-2010-4431 2011-01-19 2011-01-26
1.0
None Local High Single system Partial None None
Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.
9 CVE-2009-3746 16 +Info 2009-10-22 2010-08-21
1.9
None Local Medium Not required Partial None None
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.
10 CVE-2009-3432 2009-09-28 2009-10-01
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.
11 CVE-2009-2490 DoS +Priv 2009-07-16 2009-08-12
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks."
12 CVE-2009-2012 DoS 2009-06-09 2009-06-19
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.
13 CVE-2007-4126 DoS 2007-08-01 2008-11-15
1.5
None Local Medium Single system None None Partial
Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
14 CVE-2007-3700 +Priv 2007-07-11 2009-02-05
1.7
None Local Low Single system Partial None None
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
15 CVE-2006-5214 2006-10-10 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
16 CVE-2006-1601 2006-04-04 2008-09-05
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.
17 CVE-2005-2527 59 2005-12-31 2010-11-30
1.2
None Local High Not required None Partial None
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
18 CVE-2003-1588 255 +Info 2010-02-08 2010-04-28
1.9
None Local Medium Not required Partial None None
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
19 CVE-2003-1080 2003-02-11 2008-09-10
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
20 CVE-2003-1073 2003-12-31 2008-09-10
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
21 CVE-2003-1061 DoS 2003-10-14 2008-09-05
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
22 CVE-2003-0669 DoS 2003-08-27 2008-09-10
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
23 CVE-2001-0095 2001-02-12 2008-09-05
1.2
None Local High Not required None Partial None
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
24 CVE-2000-0210 2000-02-21 2008-09-10
1.2
None Local High Not required None Partial None
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
25 CVE-1999-0078 Exec Code 1996-04-18 2008-09-09
1.9
None Local Medium Not required Partial None None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Total number of vulnerabilities : 25   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.