| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1530 |
|
|
|
2013-04-17 |
2013-04-17 |
3.8 |
None |
Local |
High |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
|
2 |
CVE-2013-0414 |
|
|
|
2013-01-16 |
2013-01-17 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93. |
|
3 |
CVE-2013-0412 |
|
|
|
2013-04-17 |
2013-04-17 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. |
|
4 |
CVE-2013-0404 |
|
|
|
2013-04-17 |
2013-04-17 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. |
|
5 |
CVE-2012-3165 |
|
|
|
2012-10-16 |
2012-10-22 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. |
|
6 |
CVE-2012-1720 |
|
|
|
2012-06-16 |
2012-09-28 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. |
|
7 |
CVE-2012-0569 |
|
|
|
2013-01-16 |
2013-05-29 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch. |
|
8 |
CVE-2012-0109 |
|
|
|
2012-01-18 |
2012-01-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. |
|
9 |
CVE-2011-3553 |
|
|
|
2011-10-19 |
2012-11-06 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. |
|
10 |
CVE-2011-2289 |
|
|
|
2011-07-20 |
2011-10-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade. |
|
11 |
CVE-2011-0839 |
|
|
|
2011-04-20 |
2012-08-03 |
3.7 |
None |
Local |
High |
Multiple systems |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS. |
|
12 |
CVE-2011-0821 |
|
|
|
2011-04-20 |
2012-08-03 |
3.0 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp. |
|
13 |
CVE-2011-0812 |
|
|
|
2011-04-20 |
2012-08-03 |
3.7 |
None |
Local |
High |
Multiple systems |
None |
None |
Complete |
|
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel. |
|
14 |
CVE-2011-0801 |
|
|
|
2011-04-19 |
2011-04-20 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp. |
|
15 |
CVE-2010-4460 |
|
|
|
2011-01-19 |
2011-01-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. |
|
16 |
CVE-2010-4450 |
|
|
|
2011-02-17 |
2012-04-19 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. |
|
17 |
CVE-2010-3586 |
|
|
|
2011-01-19 |
2011-01-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. |
|
18 |
CVE-2010-1183 |
59 |
|
|
2010-03-29 |
2010-03-30 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. |
|
19 |
CVE-2009-2856 |
200 |
|
+Info |
2009-08-18 |
2009-08-21 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. |
|
20 |
CVE-2007-6505 |
16 |
|
|
2007-12-20 |
2008-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities. |
|
21 |
CVE-2007-5319 |
|
|
DoS |
2007-10-09 |
2008-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors. |
|
22 |
CVE-2006-5213 |
|
|
|
2006-10-10 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). |
|
23 |
CVE-2006-4842 |
20 |
|
|
2006-10-11 |
2011-06-20 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. |
|
24 |
CVE-2006-4439 |
|
|
|
2006-08-29 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. |
|
25 |
CVE-2006-1830 |
|
|
Exec Code |
2006-04-19 |
2008-09-05 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. |
|
26 |
CVE-2005-4796 |
|
|
|
2005-12-31 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. |
|
27 |
CVE-2005-0576 |
|
|
|
2005-05-02 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
|
28 |
CVE-2003-1058 |
|
|
DoS |
2003-12-03 |
2008-09-10 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files. |
|
29 |
CVE-2002-0430 |
|
|
Bypass |
2002-08-12 |
2008-09-10 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php. |
|
30 |
CVE-2000-1156 |
|
|
|
2001-01-09 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. |
|
31 |
CVE-1999-1530 |
|
|
|
1999-11-08 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
