CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Sunos » 5.11 : Security Vulnerabilities

Cpe Name:cpe:/o:sun:sunos:5.11
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-0882 94 2007-02-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
2 CVE-2012-4297 119 Exec Code Overflow 2012-08-16 2017-09-18
8.3
None Local Network Low Not required Complete Complete Complete
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.
3 CVE-2012-3189 2012-10-16 2013-10-10
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR.
4 CVE-2012-3210 2012-10-16 2013-10-10
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
5 CVE-2013-3748 2013-07-17 2017-08-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).
6 CVE-2013-3753 2013-07-17 2017-08-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
7 CVE-2014-6508 2014-10-15 2014-11-18
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).
8 CVE-2014-4276 2014-10-15 2015-11-06
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).
9 CVE-2012-0217 119 Overflow +Priv 2012-06-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
10 CVE-2012-3199 2012-10-16 2013-10-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.
11 CVE-2012-3204 2012-10-16 2013-10-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management.
12 CVE-2014-4282 2014-10-15 2015-11-06
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
13 CVE-2014-6473 2014-10-15 2015-11-06
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
14 CVE-2014-6510 2015-01-21 2016-12-06
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.
15 CVE-2014-6470 2014-10-15 2015-11-06
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
16 CVE-2014-6529 2014-10-15 2014-11-18
6.8
None Local Network High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
17 CVE-2012-1691 2012-05-03 2017-12-06
6.6
None Local Medium Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.
18 CVE-2014-6518 2015-01-21 2016-12-06
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
19 CVE-2013-0405 2013-04-17 2017-09-18
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
20 CVE-2013-3757 2013-07-17 2017-09-18
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.
21 CVE-2013-3786 2013-07-17 2017-09-18
6.0
None Local High Single system Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
22 CVE-2012-1683 2012-05-03 2017-12-06
5.9
None Local High Multiple systems Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.
23 CVE-2012-4294 119 Exec Code Overflow 2012-08-16 2017-09-18
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
24 CVE-2012-1687 2012-07-17 2017-08-28
5.6
None Local Low Not required None Partial Complete
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).
25 CVE-2012-3209 2012-10-16 2013-10-10
5.6
None Local Low Not required None Partial Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).
26 CVE-2012-4298 189 Exec Code Overflow 2012-08-16 2017-09-18
5.4
None Local Network Medium Not required Partial Partial Partial
Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.
27 CVE-2012-4287 399 DoS 2012-08-16 2017-09-18
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
28 CVE-2013-0398 2013-07-17 2017-09-18
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).
29 CVE-2014-4277 2014-10-15 2015-11-06
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.
30 CVE-2014-6490 2014-10-15 2015-11-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.
31 CVE-2014-6575 2015-01-21 2016-12-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
32 CVE-2015-0375 2015-01-21 2017-09-07
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
33 CVE-2012-1681 2012-05-03 2017-12-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.
34 CVE-2012-1752 2012-07-17 2017-08-28
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS.
35 CVE-2012-3207 2012-10-16 2013-10-10
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.
36 CVE-2012-3208 2012-10-16 2013-10-10
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.
37 CVE-2013-1496 2013-04-17 2017-09-18
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
38 CVE-2013-1498 2013-04-17 2017-09-18
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.
39 CVE-2013-1507 2013-04-17 2017-09-18
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.
40 CVE-2013-3765 2013-07-17 2017-08-28
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.
41 CVE-2014-4275 2014-10-15 2015-11-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.
42 CVE-2014-6497 2014-10-15 2015-11-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.
43 CVE-2014-6570 2015-01-21 2016-12-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.
44 CVE-2014-6600 2015-01-21 2016-12-06
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.
45 CVE-2015-0428 2015-01-21 2017-09-07
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.
46 CVE-2012-3212 2012-10-16 2013-10-10
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.
47 CVE-2013-3797 2013-07-17 2017-08-28
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.
48 CVE-2012-3211 2012-10-16 2013-10-10
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.
49 CVE-2013-0407 2013-01-16 2017-09-18
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
50 CVE-2014-0442 2014-04-15 2014-04-16
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.
Total number of vulnerabilities : 88   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.