
SUN » Sunos : Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2014-6501 | | | | 2014-10-15 | 2014-11-18 | 2.1 | None | Local | Low | Not required | Partial | None | None
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.

2 | CVE-2013-6335 | 264 | | Bypass | 2014-08-26 | 2014-09-04 | 2.6 | None | Local | High | Not required | Partial | Partial | None
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

3 | CVE-2013-5872 | | | | 2014-01-15 | 2014-02-06 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).

4 | CVE-2013-3842 | | | | 2013-10-16 | 2013-12-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).

5 | CVE-2013-3745 | | | | 2013-07-17 | 2013-12-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

6 | CVE-2012-3205 | | | | 2012-10-16 | 2013-10-10 | 2.1 | None | Local | Low | Not required | None | Partial | None
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server.

7 | CVE-2012-3203 | | | | 2012-10-16 | 2013-10-10 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM.

8 | CVE-2012-3178 | | | | 2013-01-16 | 2013-10-10 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.

9 | CVE-2012-3122 | | | | 2012-07-17 | 2013-10-10 | 2.6 | None | Local | High | Not required | Partial | Partial | None
Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.

10 | CVE-2012-1698 | | | | 2012-05-03 | 2013-10-10 | 2.1 | None | Remote | High | Single system | Partial | None | None
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.

11 | CVE-2012-0570 | | | | 2013-04-17 | 2013-12-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

12 | CVE-2012-0568 | | | | 2013-04-17 | 2013-12-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.

13 | CVE-2012-0563 | | | | 2012-07-17 | 2014-10-10 | 2.1 | None | Local | Low | Not required | None | None | Partial
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.

14 | CVE-2012-0099 | | | | 2012-01-18 | 2012-01-30 | 2.6 | None | Remote | High | Not required | None | None | Partial
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.

15 | CVE-2012-0097 | | | | 2012-01-18 | 2012-01-30 | 2.1 | None | Local | Low | Not required | Partial | None | None
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.

16 | CVE-2011-0412 | 255 | | | 2011-04-19 | 2011-04-20 | 2.1 | None | Local | Low | Not required | Partial | None | None
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

17 | CVE-2001-1503 | | | | 2001-12-31 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

18 | CVE-1999-1449 | | | DoS | 1997-05-19 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.

19 | CVE-1999-1402 | | | | 1997-05-17 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | Partial | None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

20 | CVE-1999-1297 | | | | 1998-07-15 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

21 | CVE-1999-1137 | | | | 1993-10-01 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

22 | CVE-1999-1102 | | | | 1999-12-31 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | Partial | None
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

23 | CVE-1999-0797 | | | DoS | 1998-06-29 | 2008-09-09 | 2.6 | None | Remote | High | Not required | None | None | Partial
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

24 | CVE-1999-0132 | | | | 1996-08-15 | 2008-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Total number of vulnerabilities: 24