cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
Max CVSS
9.3
EPSS Score
1.52%
Published
2007-12-17
Updated
2017-08-08
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-02-12
Updated
2017-09-29
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-02-25
Updated
2017-09-29
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
Max CVSS
9.3
EPSS Score
35.61%
Published
2008-08-08
Updated
2018-10-30
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
Max CVSS
9.3
EPSS Score
10.31%
Published
2008-08-08
Updated
2018-10-30
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-08
Updated
2017-08-08
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-13
Updated
2017-08-08
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
Max CVSS
6.3
EPSS Score
0.04%
Published
2008-03-17
Updated
2017-08-08
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-04-06
Updated
2017-09-29
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
Max CVSS
6.8
EPSS Score
0.46%
Published
2008-04-14
Updated
2017-09-29
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
Max CVSS
4.6
EPSS Score
0.07%
Published
2008-04-14
Updated
2017-08-08
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
Max CVSS
7.8
EPSS Score
3.51%
Published
2008-05-06
Updated
2017-09-29
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
Max CVSS
7.8
EPSS Score
3.51%
Published
2008-05-06
Updated
2017-09-29
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-05-23
Updated
2017-09-29
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-06-03
Updated
2017-09-29
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-06-16
Updated
2017-09-29
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-06-16
Updated
2018-10-30
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-07-31
Updated
2018-10-30
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-08-07
Updated
2017-09-29
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.
Max CVSS
7.1
EPSS Score
0.10%
Published
2008-08-13
Updated
2018-10-30
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
Max CVSS
7.2
EPSS Score
0.07%
Published
2008-08-27
Updated
2017-08-08
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-08-27
Updated
2017-08-08
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-09-02
Updated
2017-09-29
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-09-19
Updated
2017-09-29
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-09-22
Updated
2017-09-29
68 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!