# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-43360 |
502 |
|
Exec Code |
2021-12-01 |
2021-12-02 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. |
2 |
CVE-2021-43359 |
|
|
Exec Code |
2021-12-01 |
2022-07-25 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. |
3 |
CVE-2021-43358 |
22 |
|
Dir. Trav. |
2021-12-01 |
2021-12-02 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. |
4 |
CVE-2020-10510 |
20 |
|
|
2020-03-27 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. |
5 |
CVE-2020-10509 |
79 |
|
XSS |
2020-03-27 |
2020-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. |
6 |
CVE-2020-10508 |
200 |
|
+Info |
2020-03-27 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. |
7 |
CVE-2015-0430 |
|
|
|
2015-01-21 |
2017-09-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility. |
8 |
CVE-2015-0429 |
|
|
|
2015-01-21 |
2017-09-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. |
9 |
CVE-2015-0428 |
|
|
|
2015-01-21 |
2017-09-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. |
10 |
CVE-2015-0397 |
|
|
|
2015-01-21 |
2017-09-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. |
11 |
CVE-2015-0375 |
|
|
|
2015-01-21 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. |
12 |
CVE-2014-6600 |
|
|
|
2015-01-21 |
2016-12-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397. |
13 |
CVE-2014-6575 |
|
|
|
2015-01-21 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. |
14 |
CVE-2014-6570 |
|
|
|
2015-01-21 |
2016-12-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. |
15 |
CVE-2014-6529 |
|
|
|
2014-10-15 |
2014-11-19 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. |
16 |
CVE-2014-6524 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
17 |
CVE-2014-6521 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. |
18 |
CVE-2014-6518 |
|
|
|
2015-01-21 |
2016-12-07 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). |
19 |
CVE-2014-6510 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. |
20 |
CVE-2014-6509 |
|
|
|
2015-01-21 |
2016-12-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
21 |
CVE-2014-6508 |
|
|
|
2014-10-15 |
2014-11-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). |
22 |
CVE-2014-6501 |
|
|
|
2014-10-15 |
2015-11-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. |
23 |
CVE-2014-6497 |
|
|
|
2014-10-15 |
2015-11-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel. |
24 |
CVE-2014-6490 |
|
|
|
2014-10-15 |
2015-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. |
25 |
CVE-2014-6481 |
|
|
|
2015-01-21 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. |
26 |
CVE-2014-6473 |
|
|
|
2014-10-15 |
2015-11-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. |
27 |
CVE-2014-6470 |
|
|
|
2014-10-15 |
2015-11-06 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. |
28 |
CVE-2014-4284 |
|
|
|
2014-10-15 |
2015-11-06 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280. |
29 |
CVE-2014-4283 |
|
|
|
2014-10-15 |
2015-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277. |
30 |
CVE-2014-4282 |
|
|
|
2014-10-15 |
2015-11-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. |
31 |
CVE-2014-4280 |
|
|
|
2014-10-15 |
2015-11-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284. |
32 |
CVE-2014-4277 |
|
|
|
2014-10-15 |
2015-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283. |
33 |
CVE-2014-4276 |
|
|
|
2014-10-15 |
2015-11-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). |
34 |
CVE-2014-4275 |
|
|
|
2014-10-15 |
2015-11-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. |
35 |
CVE-2014-4239 |
|
|
|
2014-07-17 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). |
36 |
CVE-2014-4225 |
|
|
|
2014-07-17 |
2018-10-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts. |
37 |
CVE-2014-4224 |
|
|
|
2014-07-17 |
2018-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. |
38 |
CVE-2014-4215 |
|
|
|
2014-07-17 |
2018-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862. |
39 |
CVE-2014-0447 |
|
|
|
2014-04-16 |
2016-11-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876. |
40 |
CVE-2014-0442 |
|
|
|
2014-04-16 |
2014-04-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. |
41 |
CVE-2014-0421 |
|
|
|
2014-04-16 |
2014-04-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors. |
42 |
CVE-2014-0390 |
|
|
|
2014-01-15 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. |
43 |
CVE-2013-5883 |
|
|
|
2014-01-15 |
2017-08-29 |
3.2 |
None |
Local |
Low |
??? |
None |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel. |
44 |
CVE-2013-5876 |
|
|
|
2014-01-15 |
2017-08-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. |
45 |
CVE-2013-5872 |
|
|
|
2014-01-15 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). |
46 |
CVE-2013-5864 |
|
|
|
2013-10-16 |
2017-09-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. |
47 |
CVE-2013-5862 |
|
|
|
2013-10-16 |
2017-09-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215. |
48 |
CVE-2013-5852 |
|
|
|
2013-10-16 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832. |
49 |
CVE-2013-5850 |
|
|
|
2013-10-16 |
2022-05-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842. |
50 |
CVE-2013-5849 |
|
|
|
2013-10-16 |
2022-05-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. |