SUN » Solaris : Security Vulnerabilities (CVSS score between 1 and 1.99)
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2009-3746 | 16 | | +Info | 2009-10-22 | 2010-08-21 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
| 2 | CVE-2009-3432 | | | | 2009-09-28 | 2009-10-01 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
| 3 | CVE-2007-4126 | | | DoS | 2007-08-01 | 2008-11-15 | 1.5 | None | Local | Medium | Single system | None | None | Partial |
| 4 | CVE-2006-5214 | | | | 2006-10-10 | 2008-09-05 | 1.2 | None | Local | High | Not required | Partial | None | None |
| 5 | CVE-2003-1080 | | | | 2003-02-11 | 2008-09-10 | 1.2 | None | Local | High | Not required | Partial | None | None |
| 6 | CVE-2003-1073 | | | | 2003-12-31 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None |
| 7 | CVE-2003-1061 | | | DoS | 2003-10-14 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | None | Partial |
| 8 | CVE-2003-0669 | | | DoS | 2003-08-27 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | None | Partial |
| 9 | CVE-2001-0095 | | | | 2001-02-12 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None |
| 10 | CVE-1999-0078 | | | Exec Code | 1996-04-18 | 2008-09-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None |

CVE-2009-3746: XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.

CVE-2009-3432: Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.

CVE-2007-4126: Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.

CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

CVE-2003-1080: Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.

CVE-2003-1073: A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

CVE-2003-1061: Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

CVE-2003-0669: Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.

CVE-2001-0095: catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

CVE-1999-0078: pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Total number of vulnerabilities : 10