CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5883 2014-01-15 2014-02-06
3.2
None Local Low Single system None Partial Partial
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.
2 CVE-2013-5797 2013-10-16 2014-03-05
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
3 CVE-2013-2451 2013-06-18 2014-01-30
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
4 CVE-2013-1530 2013-04-17 2013-12-05
3.8
None Local High Single system None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
5 CVE-2013-1500 2013-06-18 2014-02-06
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
6 CVE-2013-0414 2013-01-16 2013-10-10
3.3
None Local Medium Not required None Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.
7 CVE-2013-0412 2013-04-17 2013-12-05
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
8 CVE-2013-0404 2013-04-17 2013-12-05
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
9 CVE-2012-3165 2012-10-16 2013-10-10
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.
10 CVE-2012-1720 2012-06-16 2013-11-02
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
11 CVE-2012-0569 2013-01-16 2013-12-05
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
12 CVE-2012-0109 2012-01-18 2012-01-30
3.6
None Local Low Not required Partial None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.
13 CVE-2011-3553 2011-10-19 2014-02-06
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
14 CVE-2011-2289 2011-07-20 2011-10-04
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.
15 CVE-2011-0839 2011-04-20 2012-08-03
3.7
None Local High Multiple systems None None Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
16 CVE-2011-0821 2011-04-20 2012-08-03
3.0
None Local Medium Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.
17 CVE-2011-0812 2011-04-20 2012-08-03
3.7
None Local High Multiple systems None None Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
18 CVE-2011-0801 2011-04-19 2011-04-20
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
19 CVE-2010-4460 2011-01-19 2011-01-26
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
20 CVE-2010-4450 2011-02-17 2012-04-19
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
21 CVE-2010-3586 2011-01-19 2011-01-26
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
22 CVE-2010-1183 59 2010-03-29 2010-03-30
3.3
None Local Medium Not required Partial Partial None
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
23 CVE-2009-2856 200 +Info 2009-08-18 2009-08-21
3.5
None Remote Medium Single system Partial None None
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.
24 CVE-2007-6505 16 2007-12-20 2008-11-15
3.5
None Remote Medium Single system Partial None None
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
25 CVE-2007-5319 DoS 2007-10-09 2008-11-15
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
26 CVE-2006-5213 2006-10-10 2008-09-05
3.6
None Local Low Not required Partial Partial None
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).
27 CVE-2006-4842 20 2006-10-11 2011-06-20
3.6
None Local Low Not required None Partial Partial
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
28 CVE-2006-4439 2006-08-29 2008-09-05
3.6
None Local Low Not required Partial Partial None
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
29 CVE-2006-1830 Exec Code 2006-04-19 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
30 CVE-2005-4796 2005-12-31 2008-09-05
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
31 CVE-2005-0576 2005-05-02 2008-09-05
3.6
None Local Low Not required None Partial Partial
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
32 CVE-2003-1058 DoS 2003-12-03 2008-09-10
3.7
User Local High Not required Partial Partial Partial
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
33 CVE-2002-0430 Bypass 2002-08-12 2008-09-10
3.7
User Local High Not required Partial Partial Partial
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
34 CVE-2000-1156 2001-01-09 2008-09-05
3.6
None Local Low Not required Partial Partial None
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
35 CVE-1999-1530 1999-11-08 2008-09-05
3.6
None Local Low Not required Partial Partial None
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.