CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Opensolaris » Snv 92 X86 : Security Vulnerabilities (CVSS score >= 5)

Cpe Name:cpe:/o:sun:opensolaris:snv_92::x86
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-0559 16 2010-02-05 2010-05-25
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.
2 CVE-2010-0558 16 2010-02-05 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.
3 CVE-2009-3899 399 DoS 2009-11-06 2017-09-18
7.8
None Remote Low Not required None None Complete
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
4 CVE-2009-3839 Exec Code 2009-11-02 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
5 CVE-2009-3390 +Priv 2009-09-24 2009-09-25
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.
6 CVE-2009-3183 119 Overflow +Priv 2009-09-14 2017-08-16
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
7 CVE-2009-3000 399 DoS 2009-08-28 2009-08-31
7.1
None Remote Medium Not required None None Complete
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
8 CVE-2009-2652 DoS 2009-08-03 2017-08-16
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.
9 CVE-2009-2487 399 DoS 2009-07-16 2017-09-18
7.8
None Remote Low Not required None None Complete
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
10 CVE-2009-2486 DoS 2009-07-16 2017-09-18
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
11 CVE-2009-2297 DoS 2009-07-02 2009-07-15
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.
12 CVE-2009-2296 2009-07-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
13 CVE-2009-2029 DoS 2009-06-11 2017-09-28
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
14 CVE-2009-0923 DoS 2009-03-17 2017-09-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
15 CVE-2009-0875 362 DoS +Priv Bypass 2009-03-12 2009-04-02
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
16 CVE-2009-0873 264 Bypass 2009-03-11 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
17 CVE-2009-0872 264 Bypass 2009-03-11 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
18 CVE-2009-0477 264 +Priv 2009-02-08 2009-02-17
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem.
19 CVE-2009-0319 DoS +Priv 2009-01-28 2017-09-28
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
20 CVE-2009-0304 DoS 2009-01-27 2017-09-28
7.8
None Remote Low Not required None None Complete
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
21 CVE-2009-0267 20 DoS 2009-01-26 2017-09-28
5.0
None Remote Low Not required None None Partial
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
22 CVE-2008-5133 264 Bypass 2008-11-18 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
23 CVE-2008-5010 DoS 2008-11-10 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
24 CVE-2007-5365 119 DoS Exec Code Overflow 2007-10-11 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.